ReportizFlow
Filtered by vendor
Subscriptions
Total
303301 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29629 | 2025-07-25 | 8.8 High | ||
| An issue in Gardyn 4 allows a remote attacker to obtain sensitive information and execute arbitrary code via the Gardyn Home component | ||||
| CVE-2024-52902 | 2 Ibm, Microsoft | 3 Cognos Controller, Controller, Windows | 2025-07-25 | 8.8 High |
| IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 client application contains hard coded database passwords in source code which could be used for unauthorized access to the system. | ||||
| CVE-2023-6622 | 3 Fedoraproject, Linux, Redhat | 3 Fedora, Linux Kernel, Enterprise Linux | 2025-07-25 | 5.5 Medium |
| A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. | ||||
| CVE-2025-33112 | 1 Ibm | 2 Aix, Vios | 2025-07-25 | 8.4 High |
| IBM AIX 7.3 and IBM VIOS 4.1.1 Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary code due to improper neutralization of pathname input. | ||||
| CVE-2024-8535 | 2 Citrix, Netscaler | 4 Netscaler Application Delivery Controller, Netscaler Gateway, Adc and 1 more | 2025-07-25 | 8.1 High |
| Authenticated user can access unintended user capabilities in NetScaler ADC and NetScaler Gateway if the appliance must be configured as a Gateway (SSL VPN, ICA Proxy, CVPN, RDP Proxy) with KCDAccount configuration for Kerberos SSO to access backend resources OR the appliance must be configured as an Auth Server (AAA Vserver) with KCDAccount configuration for Kerberos SSO to access backend resources | ||||
| CVE-2025-32990 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 6.5 Medium |
| A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system. | ||||
| CVE-2025-32989 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 5.3 Medium |
| A heap-buffer-overread vulnerability was found in GnuTLS in how it handles the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows a malicious user to create a certificate containing a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that contains sensitive data. This issue leads to the exposure of confidential information when GnuTLS verifies certificates from certain websites when the certificate (SCT) is not checked correctly. | ||||
| CVE-2025-32988 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 6.5 Medium |
| A flaw was found in GnuTLS. A double-free vulnerability exists in GnuTLS due to incorrect ownership handling in the export logic of Subject Alternative Name (SAN) entries containing an otherName. If the type-id OID is invalid or malformed, GnuTLS will call asn1_delete_structure() on an ASN.1 node it does not own, leading to a double-free condition when the parent function or caller later attempts to free the same structure. This vulnerability can be triggered using only public GnuTLS APIs and may result in denial of service or memory corruption, depending on allocator behavior. | ||||
| CVE-2025-6395 | 1 Redhat | 2 Enterprise Linux, Openshift | 2025-07-25 | 6.5 Medium |
| A NULL pointer dereference flaw was found in the GnuTLS software in _gnutls_figure_common_ciphersuite(). | ||||
| CVE-2023-4387 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-07-25 | 7.1 High |
| A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem. | ||||
| CVE-2024-28786 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-07-25 | 6.5 Medium |
| IBM QRadar SIEM 7.5 transmits sensitive or security-critical data in cleartext in a communication channel that could be obtained by an unauthorized actor using man in the middle techniques. | ||||
| CVE-2024-39750 | 1 Ibm | 1 Analytics Content Hub | 2025-07-25 | 8.8 High |
| IBM Analytics Content Hub 2.0 is vulnerable to a buffer overflow due to improper return length checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. | ||||
| CVE-2024-35134 | 1 Ibm | 1 Analytics Content Hub | 2025-07-25 | 5.3 Medium |
| IBM Analytics Content Hub 2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2024-56347 | 1 Ibm | 1 Aix | 2025-07-25 | 9.6 Critical |
| IBM AIX 7.2 and 7.3 nimsh service SSL/TLS protection mechanisms could allow a remote attacker to execute arbitrary commands due to improper process controls. | ||||
| CVE-2024-56346 | 1 Ibm | 1 Aix | 2025-07-25 | 10 Critical |
| IBM AIX 7.2 and 7.3 nimesis NIM master service could allow a remote attacker to execute arbitrary commands due to improper process controls. | ||||
| CVE-2025-47988 | 1 Microsoft | 2 Azure Monitor, Azure Monitor Agent | 2025-07-25 | 7.5 High |
| Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network. | ||||
| CVE-2025-53770 | 1 Microsoft | 1 Sharepoint Server | 2025-07-25 | 9.8 Critical |
| Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vulnerability. In the meantime, please make sure that the mitigation provided in this CVE documentation is in place so that you are protected from exploitation. | ||||
| CVE-2025-53762 | 1 Microsoft | 1 Purview | 2025-07-25 | 8.7 High |
| Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47158 | 1 Microsoft | 1 Azure Devops Server | 2025-07-25 | 9 Critical |
| Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2025-47995 | 1 Microsoft | 1 Azure Machine Learning | 2025-07-25 | 6.5 Medium |
| Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. | ||||