ReportizFlow
Filtered by vendor
Subscriptions
Total
4211 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46816 | 2025-05-07 | N/A | ||
| goshs is a SimpleHTTPServer written in Go. Starting in version 0.3.4 and prior to version 1.0.5, running goshs without arguments makes it possible for anyone to execute commands on the server. The function `dispatchReadPump` does not checks the option cli `-c`, thus allowing anyone to execute arbitrary command through the use of websockets. Version 1.0.5 fixes the issue. | ||||
| CVE-2025-4333 | 2025-05-07 | 6.3 Medium | ||
| A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/production/ssm/service/impl/FileServiceImpl.java. The manipulation of the argument uploadFile leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names. | ||||
| CVE-2022-32918 | 1 Apple | 2 Iphone Os, Macos | 2025-05-06 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in iOS 16, macOS Ventura 13. An app may be able to bypass Privacy preferences. | ||||
| CVE-2022-32904 | 1 Apple | 1 Macos | 2025-05-06 | 5.5 Medium |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, macOS Monterey 12.6. An app may be able to access user-sensitive data. | ||||
| CVE-2022-32946 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | 5.5 Medium |
| This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | ||||
| CVE-2024-20325 | 1 Cisco | 1 Unified Intelligence Center | 2025-05-06 | 5.1 Medium |
| A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | ||||
| CVE-2025-25962 | 2025-05-06 | 9.8 Critical | ||
| An issue in Coresmartcontracts Uniswap v.3.0 and fixed in v.4.0 allows a remote attacker to escalate privileges via the _modifyPosition function | ||||
| CVE-2025-45618 | 2025-05-06 | 6.5 Medium | ||
| Incorrect access control in the component /admin/sys/datasource/ajaxList of jeeweb-mybatis-springboot v0.0.1.RELEASE allows attackers to access sensitive information via a crafted payload. | ||||
| CVE-2025-4281 | 2025-05-05 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 7. This affects an unknown part of the file /api/GylOperator/LoadData. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-42327 | 2 Fedoraproject, Xen | 2 Fedora, Xen | 2025-05-05 | 7.1 High |
| x86: unintended memory sharing between guests On Intel systems that support the "virtualize APIC accesses" feature, a guest can read and write the global shared xAPIC page by moving the local APIC out of xAPIC mode. Access to this shared page bypasses the expected isolation that should exist between two guests. | ||||
| CVE-2024-2749 | 1 Vikwp | 1 Vikbooking Hotel Booking Engine \& Pms | 2025-05-05 | 5.9 Medium |
| The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8's access control mechanism fails to properly restrict access to its settings, permitting any users that can access a menu to manipulate requests and perform unauthorized actions such as editing, renaming or deleting (categories for example) despite initial settings prohibiting such access. This vulnerability resembles broken access control, enabling unauthorized users to modify critical VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.6.8 configurations. | ||||
| CVE-2023-20873 | 2 Redhat, Vmware | 3 Amq Streams, Camel Spring Boot, Spring Boot | 2025-05-05 | 9.8 Critical |
| In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | ||||
| CVE-2022-3780 | 1 Devolutions | 1 Remote Desktop Manager | 2025-05-05 | 7.5 High |
| Database connections on deleted users could stay active on MySQL data sources in Remote Desktop Manager 2022.3.7 and below which allow deleted users to access unauthorized data. This issue affects : Remote Desktop Manager 2022.3.7 and prior versions. | ||||
| CVE-2022-22442 | 3 Ibm, Linux, Microsoft | 5 Aix, Infosphere Information Server, Infosphere Information Server On Cloud and 2 more | 2025-05-05 | 6.5 Medium |
| "IBM InfoSphere Information Server 11.7 could allow an authenticated user to access information restricted to users with elevated privileges due to improper access controls. IBM X-Force ID: 224427." | ||||
| CVE-2024-46792 | 1 Linux | 1 Linux Kernel | 2025-05-04 | 3.3 Low |
| In the Linux kernel, the following vulnerability has been resolved: riscv: misaligned: Restrict user access to kernel memory raw_copy_{to,from}_user() do not call access_ok(), so this code allowed userspace to access any virtual memory address. | ||||
| CVE-2024-20657 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-05-03 | 7 High |
| Windows Group Policy Elevation of Privilege Vulnerability | ||||
| CVE-2024-21364 | 1 Microsoft | 1 Azure Site Recovery | 2025-05-03 | 9.3 Critical |
| Microsoft Azure Site Recovery Elevation of Privilege Vulnerability | ||||
| CVE-2024-20695 | 1 Microsoft | 1 Skype For Business Server | 2025-05-03 | 5.7 Medium |
| Skype for Business Information Disclosure Vulnerability | ||||
| CVE-2024-21401 | 1 Microsoft | 1 Entra Jira Sso Plugin | 2025-05-03 | 9.8 Critical |
| Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability | ||||
| CVE-2024-21436 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-05-03 | 7.8 High |
| Windows Installer Elevation of Privilege Vulnerability | ||||