Total: 9740 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38020 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-10-15 | 6.5 Medium |
| Microsoft Outlook Spoofing Vulnerability | ||||
| CVE-2024-38017 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-15 | 5.5 Medium |
| Microsoft Message Queuing Information Disclosure Vulnerability | ||||
| CVE-2024-38041 | 1 Microsoft | 11 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 8 more | 2025-10-15 | 5.5 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2024-30081 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-15 | 7.1 High |
| Windows NTLM Spoofing Vulnerability | ||||
| CVE-2025-57430 | 1 Creacast | 1 Creabox Manager | 2025-10-14 | 7.5 High |
| Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials. | ||||
| CVE-2025-57433 | 1 2wcom | 2 Ip-4c, Ip-4c Firmware | 2025-10-14 | 6.5 Medium |
| The 2wcom IP-4c 2.15.5 device's web interface includes an information disclosure vulnerability. By sending a crafted POST request to a specific endpoint (/cwi/ajax_request/get_data.php), an authenticated attacker (even with a low-privileged account like guest) can retrieve the hashed passwords for the admin, manager, and guest accounts. This significantly weakens the system's security posture, as these hashes could be cracked offline, granting attackers administrative access to the device. | ||||
| CVE-2025-10282 | 1 Blsops | 1 Bbot | 2025-10-14 | 4.7 Medium |
| BBOT's gitlab module could be abused to disclose a GitLab API key to an attacker-controlled server via a maliciously formatted git URL. | ||||
| CVE-2025-10281 | 1 Blsops | 1 Bbot | 2025-10-14 | 4.7 Medium |
| BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker-controlled server via a maliciously formatted git URL. | ||||
| CVE-2024-1460 | 2 Microsoft, Msi | 2 Windows, Afterburner | 2025-10-14 | 5.6 Medium |
| MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process. | ||||
| CVE-2014-2377 | 1 Ecava | 1 Integraxor | 2025-10-14 | N/A |
| Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag. | ||||
| CVE-2014-2374 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2025-10-14 | N/A |
| The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | ||||
| CVE-2014-0786 | 1 Ecava | 1 Integraxor | 2025-10-14 | N/A |
| Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. | ||||
| CVE-2025-30218 | 1 Vercel | 1 Next.js | 2025-10-13 | 5.9 Medium |
| Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4. | ||||
| CVE-2025-49177 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-10-13 | 6.1 Medium |
| A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. | ||||
| CVE-2025-57437 | 2 Blackmagic, Blackmagicdesign | 3 Web Presenter Hd, Web Presenter Hd, Web Presenter Hd Firmware | 2025-10-11 | 9.8 Critical |
| The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: model, version, and unique identifiers; network settings including IP, MAC, DNS; current stream platform, stream key, and streaming URL; audio/video configuration. This data can be used to hijack live streams or perform network reconnaissance. | ||||
| CVE-2024-8072 | 1 Mage | 1 Mage-ai | 2025-10-10 | 5.3 Medium |
| Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users | ||||
| CVE-2024-4596 | 1 Kimai | 1 Kimai | 2025-10-10 | 3.7 Low |
| A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-28247 | 1 Pi-hole | 1 Pi-hole | 2025-10-10 | 7.6 High |
| The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pi-hole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user. If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file; on the other hand, if it does not begin with "file*", depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18. | ||||
| CVE-2025-2860 | 1 Arteche | 2 Satech Bcu, Satech Bcu Firmware | 2025-10-10 | 5.3 Medium |
| SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website. | ||||
| CVE-2025-31955 | 1 Hcltech | 1 Dryice Iautomate | 2025-10-10 | 7.6 High |
| HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system. | ||||