ReportizFlow
Filtered by vendor
Subscriptions
Total
283 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-24119 | 1 Ge | 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more | 2025-04-12 | 9.8 Critical |
| Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. | ||||
| CVE-2010-2076 | 1 Apache | 1 Cxf | 2025-04-11 | 9.8 Critical |
| Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632. | ||||
| CVE-2011-2504 | 2 Redhat, Xfree86 | 2 Enterprise Linux, X11perf | 2025-04-11 | N/A |
| Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf before 1.5.4 allows local users to gain privileges via unspecified Trojan horse code in the current working directory. | ||||
| CVE-2021-29113 | 1 Esri | 1 Arcgis Server | 2025-04-10 | 4.7 Medium |
| A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. | ||||
| CVE-2025-27668 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Arbitrary Content Inclusion via Iframe OVE-20230524-0012. | ||||
| CVE-2024-4769 | 3 Debian, Mozilla, Redhat | 8 Debian Linux, Firefox, Thunderbird and 5 more | 2025-04-01 | 5.9 Medium |
| When importing resources using Web Workers, error messages would distinguish the difference between `application/javascript` responses and non-script responses. This could have been abused to learn information cross-origin. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. | ||||
| CVE-2021-38360 | 1 Wp-publications Project | 1 Wp-publications | 2025-03-31 | 8.3 High |
| The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the Q_FILE parameter found in the ~/bibtexbrowser.php file which allows attackers to include local zip files and achieve remote code execution, in versions up to and including 0.0. | ||||
| CVE-2024-5693 | 2 Mozilla, Redhat | 7 Firefox, Thunderbird, Enterprise Linux and 4 more | 2025-03-27 | 6.1 Medium |
| Offscreen Canvas did not properly track cross-origin tainting, which could be used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2023-21440 | 1 Samsung | 1 Android | 2025-03-24 | 6.2 Medium |
| Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | ||||
| CVE-2019-15839 | 1 Sinaextra | 1 Sina Extension For Elementor | 2025-03-24 | N/A |
| The sina-extension-for-elementor plugin before 2.2.1 for WordPress has local file inclusion. | ||||
| CVE-2022-41216 | 1 Hybridsoftware | 1 Cloudflow | 2025-03-20 | 8.3 High |
| Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential information from the system. | ||||
| CVE-2022-4134 | 2 Openstack, Redhat | 2 Glance, Openstack | 2025-03-06 | 2.8 Low |
| A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images. | ||||
| CVE-2023-26053 | 1 Gradle | 1 Gradle | 2025-03-06 | 6.6 Medium |
| Gradle is a build tool with a focus on build automation and support for multi-language development. This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a `trusted-key` or `pgp` element in their dependency verification metadata file. The fix is to fail dependency verification if anything but a fingerprint is used in a trust element in dependency verification metadata. The problem is fixed in Gradle 8.0 and above. The problem is also patched in Gradle 6.9.4 and 7.6.1. As a workaround, use only full fingerprint IDs for `trusted-key` or `pgp` element in the metadata is a protection against this issue. | ||||
| CVE-2022-30037 | 1 Xunruicms | 1 Xunruicms | 2025-02-25 | 7.2 High |
| XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows attackers to execute arbitrary php code, via the add function in cron.php. | ||||
| CVE-2023-41267 | 1 Apache | 1 Airflow Hdfs Provider | 2025-02-13 | 7.8 High |
| In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentationĀ info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1 | ||||
| CVE-2023-4045 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Enterprise Linux and 4 more | 2025-02-13 | 5.3 Medium |
| Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | ||||
| CVE-2023-35946 | 1 Gradle | 1 Gradle | 2025-02-13 | 6.9 Medium |
| Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit. | ||||
| CVE-2022-28735 | 2 Gnu, Redhat | 4 Grub2, Enterprise Linux, Rhel E4s and 1 more | 2025-02-13 | 6.7 Medium |
| The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain. | ||||
| CVE-2023-2551 | 1 Bumsys Project | 1 Bumsys | 2025-02-12 | 8.8 High |
| PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. | ||||
| CVE-2022-46302 | 1 Checkmk | 1 Checkmk | 2025-02-05 | 8.8 High |
| Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. | ||||