Total
5468 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2013-0422 | 4 Canonical, Opensuse, Oracle and 1 more | 6 Ubuntu Linux, Opensuse, Jdk and 3 more | 2025-10-22 | 9.8 Critical |
| Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a reference to a private MBeanInstantiator object, then retrieving arbitrary Class references using the findClass method, and (2) using the Reflection API with recursion in a way that bypasses a security check by the java.lang.invoke.MethodHandles.Lookup.checkSecurityManager method due to the inability of the sun.reflect.Reflection.getCallerClass method to skip frames related to the new reflection API, as exploited in the wild in January 2013, as demonstrated by Blackhole and Nuclear Pack, and a different vulnerability than CVE-2012-4681 and CVE-2012-3174. NOTE: some parties have mapped the recursive Reflection API issue to CVE-2012-3174, but CVE-2012-3174 is for a different vulnerability whose details are not public as of 20130114. CVE-2013-0422 covers both the JMX/MBean and Reflection API issues. NOTE: it was originally reported that Java 6 was also vulnerable, but the reporter has retracted this claim, stating that Java 6 is not exploitable because the relevant code is called in a way that does not bypass security checks. NOTE: as of 20130114, a reliable third party has claimed that the findClass/MBeanInstantiator vector was not fixed in Oracle Java 7 Update 11. If there is still a vulnerable condition, then a separate CVE identifier might be created for the unfixed issue. | ||||
| CVE-2016-3643 | 1 Solarwinds | 1 Virtualization Manager | 2025-10-22 | 7.8 High |
| SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." | ||||
| CVE-2015-1769 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-10-22 | 6.6 Medium |
| Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 mishandles symlinks, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Mount Manager Elevation of Privilege Vulnerability." | ||||
| CVE-2025-58282 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 2.8 Low |
| Permission control vulnerability in the camera module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58285 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.3 Medium |
| Permission control vulnerability in the media module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58283 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.5 Medium |
| Permission control vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-54654 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 6.2 Medium |
| Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality | ||||
| CVE-2025-58284 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.9 Medium |
| Permission control vulnerability in the network module. Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58293 | 1 Huawei | 1 Harmonyos | 2025-10-20 | 5.5 Medium |
| Vulnerability of improper exception handling in the print module. Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2014-2375 | 1 Ecava | 1 Integraxor | 2025-10-13 | N/A |
| Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature. | ||||
| CVE-2014-2349 | 1 Emerson | 1 Deltav | 2025-10-03 | N/A |
| Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program. | ||||
| CVE-2014-2347 | 1 Amtelco | 1 Misecuremessages | 2025-10-02 | N/A |
| Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. | ||||
| CVE-2024-53137 | 1 Linux | 1 Linux Kernel | 2025-10-01 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault. | ||||
| CVE-2025-5321 | 2 Aimhubio, Aimstack | 2 Aim, Aim | 2025-09-19 | 6.3 Medium |
| A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-54103 | 1 Huawei | 1 Harmonyos | 2025-09-18 | 6.1 Medium |
| Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2025-58276 | 1 Huawei | 2 Emui, Harmonyos | 2025-09-11 | 6.8 Medium |
| Permission verification vulnerability in the home screen module Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2009-3369 | 1 Backuppc | 1 Backuppc | 2025-09-08 | N/A |
| CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore. | ||||
| CVE-2015-3164 | 2 Opensuse, X.org | 3 Opensuse, X Server, Xorg-server | 2025-08-29 | N/A |
| The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket. | ||||
| CVE-2020-25720 | 1 Redhat | 3 Enterprise Linux, Openshift, Storage | 2025-08-29 | 7.5 High |
| A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks. | ||||
| CVE-2013-4504 | 2 Drupal, Monster Menus Project | 2 Drupal, Monster Menus | 2025-08-27 | N/A |
| The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL. | ||||