ReportizFlow
Filtered by vendor
Subscriptions
Total
32267 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24970 | 3 Netapp, Netty, Redhat | 12 Active Iq Unified Manager, Oncommand Insight, Netty and 9 more | 2025-09-05 | 7.5 High |
| Netty, an asynchronous, event-driven network application framework, has a vulnerability starting in version 4.1.91.Final and prior to version 4.1.118.Final. When a special crafted packet is received via SslHandler it doesn't correctly handle validation of such a packet in all cases which can lead to a native crash. Version 4.1.118.Final contains a patch. As workaround its possible to either disable the usage of the native SSLEngine or change the code manually. | ||||
| CVE-2020-17163 | 1 Microsoft | 2 Python, Visual Studio Code | 2025-09-05 | 7.8 High |
| Visual Studio Code Python Extension Remote Code Execution Vulnerability | ||||
| CVE-2024-47853 | 1 Mahara | 1 Mahara | 2025-09-05 | 8.8 High |
| An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI). | ||||
| CVE-2025-21038 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2025-21039 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2025-21040 | 2 Google, Samsung | 6 Android, Assistant, Mobile and 3 more | 2025-09-05 | 5.1 Medium |
| Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2024-50384 | 1 St | 10 X-cube-azrt-h7rs, X-cube-azrtos-f4, X-cube-azrtos-f7 and 7 more | 2025-09-05 | 6.5 Medium |
| A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Web Component HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\web\nx_web_http_server.c | ||||
| CVE-2024-50385 | 1 St | 10 X-cube-azrt-h7rs, X-cube-azrtos-f4, X-cube-azrtos-f7 and 7 more | 2025-09-05 | 6.5 Medium |
| A denial of service vulnerability exists in the NetX Component HTTP server functionality of STMicroelectronics X-CUBE-AZRTOS-WL 2.0.0. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.This vulnerability affects X-CUBE-AZRTOS-F7 NetX Duo Component HTTP Server HTTP server v 1.1.0. This HTTP server implementation is contained in this file - x-cube-azrtos-f7\Middlewares\ST\netxduo\addons\http\nxd_http_server.c | ||||
| CVE-2025-36890 | 1 Google | 1 Android | 2025-09-05 | 9.8 Critical |
| Elevation of Privilege | ||||
| CVE-2024-23306 | 1 F5 | 1 Big-ip Next Cloud-native Network Functions | 2025-09-05 | 7.1 High |
| A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-22389 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2025-09-05 | 7.2 High |
| When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | ||||
| CVE-2024-51741 | 2 Redhat, Redis | 2 Enterprise Linux, Redis | 2025-09-05 | 4.4 Medium |
| Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. | ||||
| CVE-2024-50947 | 2 Davidepianca98, Kmqtt | 2 Kmqtt, Kmqtt | 2025-09-05 | 7.5 High |
| An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. | ||||
| CVE-2025-0288 | 1 Paragon-software | 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more | 2025-09-05 | 7.8 High |
| Various Paragon Software products contain an arbitrary kernel memory vulnerability within biontdrv.sys, facilitated by the memmove function, which does not validate or sanitize user controlled input, allowing an attacker the ability to write arbitrary kernel memory and perform privilege escalation. | ||||
| CVE-2025-0289 | 1 Paragon-software | 6 Paragon Backup \& Recovery, Paragon Disk Wiper, Paragon Drive Copy and 3 more | 2025-09-05 | 7.8 High |
| Various Paragon Software products contain an insecure kernel resource access vulnerability facilitated by the driver not validating the MappedSystemVa pointer before passing it to HalReturnToFirmware, which can allows an attacker the ability to compromise the service. | ||||
| CVE-2024-6504 | 1 Rapid7 | 1 Insightvm | 2025-09-05 | 4.3 Medium |
| Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261. | ||||
| CVE-2025-3698 | 1 Tecno | 1 Carlcare | 2025-09-05 | 7.5 High |
| Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk. | ||||
| CVE-2024-7697 | 2 Tecno, Transsion | 2 Com.transsion.carlcare, Carlcare | 2025-09-05 | 7.5 High |
| Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks. | ||||
| CVE-2025-30288 | 1 Adobe | 1 Coldfusion | 2025-09-05 | 8.2 High |
| ColdFusion versions 2023.12, 2021.18, 2025.0 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low privileged attacker with local access could leverage this vulnerability to bypass security protections and execute code. Exploitation of this issue requires user interaction in that a victim must be coerced into performing actions within the application and scope is changed. | ||||
| CVE-2024-52509 | 1 Nextcloud | 1 Mail | 2025-09-05 | 3.5 Low |
| Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2. | ||||