Total: 314806 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-8049 | 1 Opentext | 1 Flipper | 2025-10-28 | N/A | 8.8 HIGH |
| Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to elevate privileges within the application. This issue affects Flipper: 3.1.2. | |||||
| CVE-2025-8052 | 1 Opentext | 1 Flipper | 2025-10-28 | N/A | 8.8 HIGH |
| SQL Injection vulnerability in opentext Flipper allows SQL Injection. The vulnerability could allow a low-privilege user to interact with the database in unintended ways and extract data by interacting with the HQL processor. This issue affects Flipper: 3.1.2. | |||||
| CVE-2025-8053 | 1 Opentext | 1 Flipper | 2025-10-28 | N/A | 9.1 CRITICAL |
| Insufficient Granularity of Access Control vulnerability in opentext Flipper allows Exploiting Incorrectly Configured Access Control Security Levels. The vulnerability could allow a low-privilege user to interact with the backend API without sufficient privileges. This issue affects Flipper: 3.1.2. | |||||
| CVE-2022-23460 | 1 Hjiang | 1 Json\+\+ | 2025-10-28 | N/A | 5.9 MEDIUM |
| Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement. | |||||
| CVE-2022-23459 | 1 Hjiang | 1 Json\+\+ | 2025-10-28 | N/A | 8.1 HIGH |
| Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx, use of the Value class may lead to memory corruption via a double free or via a use after free. The Value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement. | |||||
| CVE-2024-38226 | 1 Microsoft | 3 Office 2019, Office Long Term Servicing Channel, Publisher | 2025-10-28 | N/A | 7.3 HIGH |
| Microsoft Publisher Security Feature Bypass Vulnerability | |||||
| CVE-2025-26352 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 6.5 MEDIUM |
| A CWE-35 "Path Traversal" in the template deletion mechanism in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26353 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 4.9 MEDIUM |
| A CWE-35 "Path Traversal" in maxtime/api/sql/sql.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26354 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.2 HIGH |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (copy endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26355 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 6.5 MEDIUM |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to delete sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26356 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.2 HIGH |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua (setActive endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to overwrite sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26357 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 4.9 MEDIUM |
| A CWE-35 "Path Traversal" in maxtime/api/database/database.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to read sensitive files via crafted HTTP requests. | |||||
| CVE-2025-26358 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 5.5 MEDIUM |
| A CWE-15 "External Control of System or Configuration Setting" in ldbMT.so in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated remote attacker to modify system configuration via crafted HTTP requests. | |||||
| CVE-2025-26359 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 9.8 CRITICAL |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests. | |||||
| CVE-2025-26360 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 5.3 MEDIUM |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/persistance/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to delete dashboards via crafted HTTP requests. | |||||
| CVE-2025-26361 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 9.1 CRITICAL |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests. | |||||
| CVE-2025-21059 | 1 Samsung | 1 Health | 2025-10-28 | N/A | 6.2 MEDIUM |
| Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health. | |||||
| CVE-2025-26362 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.5 HIGH |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests. | |||||
| CVE-2025-26363 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.5 HIGH |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests. | |||||
| CVE-2025-26364 | 1 Q-free | 1 Maxtime | 2025-10-28 | N/A | 7.5 HIGH |
| A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable an authentication profile server via crafted HTTP requests. | |||||
