Total
5263 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-53186 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | N/A | 5.9 MEDIUM |
| Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-53178 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | N/A | 4.8 MEDIUM |
| Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units. | |||||
| CVE-2025-53177 | 1 Huawei | 2 Emui, Harmonyos | 2025-08-12 | N/A | 3.9 LOW |
| Permission bypass vulnerability in the calendar storage module Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches. | |||||
| CVE-2024-53011 | 1 Qualcomm | 166 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 163 more | 2025-08-11 | N/A | 7.9 HIGH |
| Information disclosure may occur due to improper permission and access controls to Video Analytics engine. | |||||
| CVE-2024-20361 | 1 Cisco | 1 Secure Firewall Management Center | 2025-08-07 | N/A | 5.8 MEDIUM |
| A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device. | |||||
| CVE-2025-54608 | 2025-08-06 | N/A | 6.2 MEDIUM | ||
| Vulnerability that allows setting screen rotation direction without permission verification in the screen management module. Impact: Successful exploitation of this vulnerability may cause device screen orientation to be arbitrarily set. | |||||
| CVE-2025-20145 | 1 Cisco | 9 8608, 8804, 8808 and 6 more | 2025-08-04 | N/A | 5.8 MEDIUM |
| A vulnerability in the access control list (ACL) processing in the egress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability exists because certain packets are handled incorrectly when they are received on an ingress interface on one line card and destined out of an egress interface on another line card where the egress ACL is configured. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an egress ACL on the affected device. For more information about this vulnerability, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2014-9193 | 1 Innominate | 1 Mguard Firmware | 2025-07-28 | 8.5 HIGH | N/A |
| Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 allows remote authenticated admins to obtain root privileges by changing a PPP configuration setting. | |||||
| CVE-2025-5874 | 2025-07-16 | 4.0 MEDIUM | 4.6 MEDIUM | ||
| A vulnerability was found in Redash up to 10.1.0/25.1.0. It has been rated as problematic. This issue affects the function run_query of the file /query_runner/python.py of the component getattr Handler. The manipulation leads to sandbox issue. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains, that "[t]he Python data source is disabled by default and is clearly marked in our documentation as discouraged due to its security implications. Users who choose to enable it are doing so at their own risk, with full awareness that it bypasses standard safeguards." | |||||
| CVE-2025-48903 | 1 Huawei | 1 Harmonyos | 2025-07-11 | N/A | 7.8 HIGH |
| Permission bypass vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2012-5864 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | 9.4 HIGH | N/A |
| These Sinapsi devices do not check if users that visit pages within the device have properly authenticated. By directly visiting the pages within the device, attackers can gain unauthorized access with administrative privileges. | |||||
| CVE-2012-5863 | 1 Sinapsitech | 4 Esolar Duo Photovoltaic System Monitor, Esolar Light Photovoltaic System Monitor, Esolar Photovoltaic System Monitor and 1 more | 2025-07-08 | 10.0 HIGH | N/A |
| These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system. | |||||
| CVE-2012-6068 | 1 3s-software | 1 Codesys Runtime System | 2025-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to execute commands via the command-line interface in the TCP listener service or transfer files via requests to the TCP listener service. | |||||
| CVE-2009-2631 | 4 Aladdin, Cisco, Sonicwall and 1 more | 5 Safenet Securewire Access Gateway, Adaptive Security Appliance, E-class Ssl Vpn and 2 more | 2025-06-16 | 6.8 MEDIUM | N/A |
| Multiple clientless SSL VPN products that run in web browsers, including Stonesoft StoneGate; Cisco ASA; SonicWALL E-Class SSL VPN and SonicWALL SSL VPN; SafeNet SecureWire Access Gateway; Juniper Networks Secure Access; Nortel CallPilot; Citrix Access Gateway; and other products, when running in configurations that do not restrict access to the same domain as the VPN, retrieve the content of remote URLs from one domain and rewrite them so they originate from the VPN's domain, which violates the same origin policy and allows remote attackers to conduct cross-site scripting attacks, read cookies that originated from other domains, access the Web VPN session to gain access to internal resources, perform key logging, and conduct other attacks. NOTE: it could be argued that this is a fundamental design problem in any clientless VPN solution, as opposed to a commonly-introduced error that can be fixed in separate implementations. Therefore a single CVE has been assigned for all products that have this design | |||||
| CVE-2025-5321 | 2025-06-01 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Abfrage leads to erweiterte Rechte. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2015-4596 | 1 Lenovo | 1 Mouse Suite | 2025-05-30 | 4.6 MEDIUM | 7.8 HIGH |
| Lenovo Mouse Suite before 6.73 allows local users to run arbitrary code with administrator privileges. | |||||
| CVE-2012-6426 | 1 Lemonldap-ng | 1 Lemonldap\ | 2025-05-28 | 7.5 HIGH | N/A |
| LemonLDAP::NG before 1.2.3 does not use the signature-verification capability of the Lasso library, which allows remote attackers to bypass intended access-control restrictions via crafted SAML data. | |||||
| CVE-2025-46586 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 5.1 MEDIUM |
| Permission control vulnerability in the contacts module Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-46587 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 6.2 MEDIUM |
| Permission control vulnerability in the media library module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2025-46593 | 1 Huawei | 1 Harmonyos | 2025-05-09 | N/A | 5.1 MEDIUM |
| Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect availability. | |||||