ReportizFlow
Filtered by vendor
Subscriptions
Total
9745 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2014-2374 | 1 Accuenergy | 2 Acuvim Ii, Axm-net | 2025-10-14 | N/A |
| The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | ||||
| CVE-2014-0786 | 1 Ecava | 1 Integraxor | 2025-10-14 | N/A |
| Ecava IntegraXor before 4.1.4393 allows remote attackers to read cleartext credentials for administrative accounts via SELECT statements that leverage the guest role. | ||||
| CVE-2025-30218 | 1 Vercel | 1 Next.js | 2025-10-13 | 5.9 Medium |
| Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4. | ||||
| CVE-2025-49177 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2025-10-13 | 6.1 Medium |
| A flaw was found in the XFIXES extension. The XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests. | ||||
| CVE-2025-57437 | 2 Blackmagic, Blackmagicdesign | 3 Web Presenter Hd, Web Presenter Hd, Web Presenter Hd Firmware | 2025-10-11 | 9.8 Critical |
| The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC, DNS - Current stream platform, stream key, and streaming URL - Audio/video configuration This data can be used to hijack live streams or perform network reconnaissance. | ||||
| CVE-2024-8072 | 1 Mage | 1 Mage-ai | 2025-10-10 | 5.3 Medium |
| Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users | ||||
| CVE-2024-4596 | 1 Kimai | 1 Kimai | 2025-10-10 | 3.7 Low |
| A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-28247 | 1 Pi-hole | 1 Pi-hole | 2025-10-10 | 7.6 High |
| The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it does not begin with "file*" depending on the state of the response it does one thing or another. The problem resides in the update through local files. When updating from a file which contains non-domain lines, 5 of the non-domain lines are printed on the screen, so if you provide it with any file on the server which contains non-domain lines it will print them on the screen. This vulnerability is fixed by 5.18. | ||||
| CVE-2025-2860 | 1 Arteche | 2 Satech Bcu, Satech Bcu Firmware | 2025-10-10 | 5.3 Medium |
| SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website. | ||||
| CVE-2025-31955 | 1 Hcltech | 1 Dryice Iautomate | 2025-10-10 | 7.6 High |
| HCL iAutomate is affected by a sensitive data exposure vulnerability. This issue may allow unauthorized access to sensitive information within the system. | ||||
| CVE-2024-3716 | 1 Redhat | 1 Satellite | 2025-10-10 | 6.2 Medium |
| A flaw was found in foreman-installer when puppet-candlepin is invoked cpdb with the --password parameter. This issue leaks the password in the process list and allows an attacker to take advantage and obtain the password. | ||||
| CVE-2023-33951 | 2 Linux, Redhat | 5 Linux Kernel, Enterprise Linux, Enterprise Linux For Real Time and 2 more | 2025-10-10 | 6.7 Medium |
| A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel. | ||||
| CVE-2025-2842 | 1 Redhat | 1 Openshift Distributed Tracing | 2025-10-10 | 4.3 Medium |
| A flaw was found in the Tempo Operator. When the Jaeger UI Monitor Tab functionality is enabled in a Tempo instance managed by the Tempo Operator, the Operator creates a ClusterRoleBinding for the Service Account of the Tempo instance to grant the cluster-monitoring-view ClusterRole. This can be exploited if a user has 'create' permissions on TempoStack and 'get' permissions on Secret in a namespace (for example, a user has ClusterAdmin permissions for a specific namespace), as the user can read the token of the Tempo service account and therefore has access to see all cluster metrics. | ||||
| CVE-2025-2786 | 1 Redhat | 1 Openshift Distributed Tracing | 2025-10-10 | 4.3 Medium |
| A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks. | ||||
| CVE-2024-7319 | 2 Openstack, Redhat | 3 Heat, Openstack, Openstack Platform | 2025-10-10 | 5 Medium |
| An incomplete fix for CVE-2023-1625 was found in openstack-heat. Sensitive information may possibly be disclosed through the OpenStack stack abandon command with the hidden feature set to True and the CVE-2023-1625 fix applied. | ||||
| CVE-2024-50312 | 1 Redhat | 2 Openshift, Openshift Container Platform | 2025-10-10 | 5.3 Medium |
| A vulnerability was found in GraphQL due to improper access controls on the GraphQL introspection query. This flaw allows unauthorized users to retrieve a comprehensive list of available queries and mutations. Exposure to this flaw increases the attack surface, as it can facilitate the discovery of flaws or errors specific to the application's GraphQL implementation. | ||||
| CVE-2023-6393 | 1 Redhat | 2 Build Of Quarkus, Quarkus | 2025-10-10 | 5.3 Medium |
| A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data. | ||||
| CVE-2023-4886 | 2 Redhat, Theforeman | 5 Satellite, Satellite Capsule, Satellite Maintenance and 2 more | 2025-10-10 | 6.7 Medium |
| A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. | ||||
| CVE-2025-51040 | 1 Electrolink | 4 Fm\/dab\/tv Transmitter Web Management System, Medium 1kw, Medium 2kw and 1 more | 2025-10-09 | 7.5 High |
| Electrolink FM/DAB/TV Transmitter Web Management System Unauthorized access vulnerability via the /FrameSetCore.html endpoint in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2. | ||||
| CVE-2025-34220 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2025-10-09 | 5.3 Medium |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contains a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to https://<tenant>.printercloud10.com/api-gateway/identity/search-groups and adjustments to the `Host` header allow an unauthenticated remote attacker to enumerate every group object stored for that tenant. The response includes internal identifiers (group ID, source service ID, Azure AD object IDs, creation timestamps, and tenant IDs). This vulnerability has been confirmed to be remediated, but it is unclear as to when the patch was introduced. | ||||