ReportizFlow
Filtered by vendor
Subscriptions
Total
13091 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-43755 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 3.5 Low |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-52831 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 3.5 Low |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-21516 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2023-21515 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2025-0465 | 2025-01-14 | 7.3 High | ||
| A vulnerability was found in AquilaCMS 1.412.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v2/categories. The manipulation of the argument PostBody.populate leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-32321 | 1 Okfn | 1 Ckan | 2025-01-14 | 9.8 Critical |
| CKAN is an open-source data management system for powering data hubs and data portals. Multiple vulnerabilities have been discovered in Ckan which may lead to remote code execution. An arbitrary file write in `resource_create` and `package_update` actions, using the `ResourceUploader` object. Also reachable via `package_create`, `package_revise`, and `package_patch` via calls to `package_update`. Remote code execution via unsafe pickle loading, via Beaker's session store when configured to use the file session store backend. Potential DOS due to lack of a length check on the resource id. Information disclosure: A user with permission to create a resource can access any other resource on the system if they know the id, even if they don't have access to it. Resource overwrite: A user with permission to create a resource can overwrite any resource if they know the id, even if they don't have access to it. A user with permissions to create or edit a dataset can upload a resource with a specially crafted id to write the uploaded file in an arbitrary location. This can be leveraged to Remote Code Execution via Beaker's insecure pickle loading. All the above listed vulnerabilities have been fixed in CKAN 2.9.9 and CKAN 2.10.1. Users are advised to upgrade. There are no known workarounds for these issues. | ||||
| CVE-2023-32688 | 1 Parseplatform | 1 Parse Server Push Adapter | 2025-01-14 | 4.9 Medium |
| parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version 4.1.3. | ||||
| CVE-2024-54100 | 1 Huawei | 2 Emui, Harmonyos | 2025-01-14 | 6.2 Medium |
| Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-2942 | 1 Open-emr | 1 Openemr | 2025-01-14 | 8.1 High |
| Improper Input Validation in GitHub repository openemr/openemr prior to 7.0.1. | ||||
| CVE-2024-21473 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Ar9380 and 251 more | 2025-01-14 | 9.8 Critical |
| Memory corruption while redirecting log file to any file location with any file name. | ||||
| CVE-2023-33100 | 1 Qualcomm | 100 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 97 more | 2025-01-14 | 7.5 High |
| Transient DOS while processing DL NAS Transport message when message ID is not defined in the 3GPP specification. | ||||
| CVE-2024-21452 | 1 Qualcomm | 12 C-v2x 9150, C-v2x 9150 Firmware, Qca6584au and 9 more | 2025-01-14 | 7.3 High |
| Transient DOS while decoding an ASN.1 OER message containing a SEQUENCE of unknown extensions. | ||||
| CVE-2024-54121 | 1 Huawei | 1 Harmonyos | 2025-01-14 | 6.2 Medium |
| Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | ||||
| CVE-2023-32695 | 1 Socket | 1 Socket.io-parser | 2025-01-14 | 7.3 High |
| socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3. | ||||
| CVE-2024-56437 | 1 Huawei | 1 Harmonyos | 2025-01-13 | 5.7 Medium |
| Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2023-34152 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-01-13 | 9.8 Critical |
| A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | ||||
| CVE-2023-51931 | 1 Alanclarke | 1 Urlite | 2025-01-13 | 7.5 High |
| An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | ||||
| CVE-2022-34159 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-11 | 7.5 High |
| Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159. | ||||
| CVE-2022-32204 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-11 | 7.5 High |
| There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204. | ||||
| CVE-2024-13136 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-11 | 6.3 Medium |
| A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||