ReportizFlow
Filtered by vendor
Subscriptions
Total
104 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13995 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2026-03-25 | 5 Medium |
| IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 could allow an attacker with access to one tenant to access hostname data from another tenant's account. | ||||
| CVE-2025-13327 | 2 Astral, Redhat | 3 Uv, Ai Inference Server, Openshift Ai | 2026-03-18 | 6.3 Medium |
| A flaw was found in uv. This vulnerability allows an attacker to execute malicious code during package resolution or installation via specially crafted ZIP (Zipped Information Package) archives that exploit parsing differentials, requiring user interaction to install an attacker-controlled package. | ||||
| CVE-2025-59785 | 1 2n | 1 Access Commander | 2026-03-05 | 7.2 High |
| Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges. | ||||
| CVE-2025-43878 | 1 F5 | 13 F5os-a, F5os-c, R10600 and 10 more | 2026-02-26 | 6 Medium |
| When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdump command utility on a F5OS-C/A system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2020-16220 | 1 Philips | 2 Patient Information Center Ix, Performancebridge Focal Point | 2026-02-23 | 4.3 Medium |
| In Patient Information Center iX (PICiX) Versions C.02, C.03, PerformanceBridge Focal Point Version A.01, the product receives input that is expected to be well-formed (i.e., to comply with a certain syntax) but it does not validate or incorrectly validates that the input complies with the syntax, causing the certificate enrollment service to crash. It does not impact monitoring but prevents new devices from enrolling. | ||||
| CVE-2025-20644 | 1 Mediatek | 41 Mt2735, Mt2737, Mt6833 and 38 more | 2026-02-17 | 6.5 Medium |
| In Modem, there is a possible memory corruption due to incorrect error handling. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01525673; Issue ID: MSV-2747. | ||||
| CVE-2025-25007 | 1 Microsoft | 4 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 1 more | 2026-02-13 | 5.3 Medium |
| Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-47912 | 1 Golang | 2 Go, Net | 2026-01-29 | 5.3 Medium |
| The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement. | ||||
| CVE-2024-8160 | 1 Axis | 3 Axis Os, Axis Os 2022, Axis Os 2024 | 2026-01-22 | 3.8 Low |
| Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-29041 | 2 Openjsf, Redhat | 7 Express, Apicurio Registry, Network Observ Optr and 4 more | 2025-12-18 | 6.1 Medium |
| Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3. | ||||
| CVE-2023-27043 | 4 Fedoraproject, Netapp, Python and 1 more | 7 Fedora, Active Iq Unified Manager, Ontap Select Deploy Administration Utility and 4 more | 2025-12-18 | 5.3 Medium |
| The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. | ||||
| CVE-2025-67492 | 1 Weblate | 1 Weblate | 2025-12-17 | 5.3 Medium |
| Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability. | ||||
| CVE-2024-8925 | 2 Php, Redhat | 2 Php, Enterprise Linux | 2025-11-04 | 3.1 Low |
| In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to malicious attacker able to control part of the submitted data being able to exclude portion of other data, potentially leading to erroneous application behavior. | ||||
| CVE-2025-54995 | 2 Asterisk, Sangoma | 3 Asterisk, Asterisk, Certified Asterisk | 2025-11-03 | 6.5 Medium |
| Asterisk is an open source private branch exchange and telephony toolkit. Prior to versions 18.26.4 and 18.9-cert17, RTP UDP ports and internal resources can leak due to a lack of session termination. This could result in leaks and resource exhaustion. This issue has been patched in versions 18.26.4 and 18.9-cert17. | ||||
| CVE-2025-55085 | 1 Eclipse | 1 Threadx Netx Duo | 2025-10-27 | 7.5 High |
| In NextX Duo before 6.4.4, in the HTTP client module, the network support code for Eclipse Foundation ThreadX, the parsing of HTTP header fields was missing bounds verification. A crafted server response could cause undefined behavior. | ||||
| CVE-2025-10954 | 2 Phonenumbers Project, Textit | 2 Phonenumbers, Phonenumbers | 2025-10-03 | 5.3 Medium |
| Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range". | ||||
| CVE-2025-36262 | 1 Ibm | 1 Planning Analytics Local | 2025-10-03 | 4.9 Medium |
| IBM Planning Analytics Local 2.0.0 through 2.0.106 and 2.1.0 through 2.1.13 could allow a malicious privileged user to bypass the UI to gain unauthorized access to sensitive information due to the improper validation of input. | ||||
| CVE-2024-6284 | 2 Google, Netfilter | 2 Nftables, Nftables | 2025-09-26 | 7.3 High |
| In https://github.com/google/nftables IP addresses were encoded in the wrong byte order, resulting in an nftables configuration which does not work as intended (might block or not block the desired addresses). This issue affects: https://pkg.go.dev/github.com/google/[email protected] The bug was fixed in the next released version: https://pkg.go.dev/github.com/google/[email protected] | ||||
| CVE-2024-52362 | 1 Ibm | 3 App Connect Enterprise Certified Container, App Connect Enterprise Certified Containers Operands, App Connect Operator | 2025-09-01 | 4.3 Medium |
| IBM App Connect Enterprise Certified Container 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, 12.7, and 12.8 could allow an authenticated user to cause a denial of service in the App Connect flow due to improper validation of server-side input. | ||||
| CVE-2024-39542 | 1 Juniper | 3 Junos, Junos Os, Junos Os Evolved | 2025-08-08 | 7.5 High |
| An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series with MPC10/11 or LC9600, MX304, and Junos OS Evolved on ACX Series and PTX Series allows an unauthenticated, network based attacker to cause a Denial-of-Service (DoS). This issue can occur in two scenarios: 1. If a device, which is configured with SFLOW and ECMP, receives specific valid transit traffic, which is subject to sampling, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. (This scenario is only applicable to PTX but not to ACX or MX.) 2. If a device receives a malformed CFM packet on an interface configured with CFM, the packetio process crashes, which in turn leads to an evo-aftman crash and causes the FPC to stop working until it is restarted. Please note that the CVSS score is for the formally more severe issue 1. The CVSS score for scenario 2. is: 6.5 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) This issue affects Junos OS: * All versions before 21.2R3-S4, * 21.4 versions before 21.4R2, * 22.2 versions before 22.2R3-S2; Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * 21.4 versions before 21.4R2-EVO. | ||||