Total
4227 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-37085 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-10-30 | 6.8 Medium |
| VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | ||||
| CVE-2025-11633 | 2 Furbo, Tomofun | 6 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 3 more | 2025-10-30 | 3.7 Low |
| A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-41110 | 3 Ghost Robotics, Ghostrobotics, Google | 4 Vision 60, Vision 60, Vision 60 Firmware and 1 more | 2025-10-30 | 8.8 High |
| Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full control of the robot, which could cause physical damage to the robot itself or its environment. | ||||
| CVE-2012-5887 | 2 Apache, Redhat | 8 Tomcat, Enterprise Linux, Jboss Data Grid and 5 more | 2025-10-30 | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. | ||||
| CVE-2025-25450 | 1 Mytaag | 1 Mytaag | 2025-10-30 | 5.1 Medium |
| An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint | ||||
| CVE-2025-25451 | 1 Mytaag | 1 Mytaag | 2025-10-30 | 5.1 Medium |
| An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key | ||||
| CVE-2025-25452 | 1 Mytaag | 1 Mytaag | 2025-10-30 | 5.1 Medium |
| An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint | ||||
| CVE-2020-0688 | 1 Microsoft | 1 Exchange Server | 2025-10-29 | 8.8 High |
| A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | ||||
| CVE-2025-9063 | 1 Rockwellautomation | 2 Factorytalk View, Panelview Plus | 2025-10-28 | 9.8 Critical |
| An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more. | ||||
| CVE-2025-9064 | 1 Rockwellautomation | 2 Factorytalk View, Factorytalk View Machine Edition | 2025-10-28 | 9.1 Critical |
| A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted. | ||||
| CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2025-10-28 | 9.8 Critical |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | ||||
| CVE-2025-62717 | 1 Emlog | 1 Emlog | 2025-10-28 | 9.1 Critical |
| Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit 1f726df. | ||||
| CVE-2024-49039 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-10-28 | 8.8 High |
| Windows Task Scheduler Elevation of Privilege Vulnerability | ||||
| CVE-2023-20867 | 4 Debian, Fedoraproject, Redhat and 1 more | 8 Debian Linux, Fedora, Enterprise Linux and 5 more | 2025-10-28 | 3.9 Low |
| A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | ||||
| CVE-2025-62169 | 1 Octoprint | 1 Octoprint | 2025-10-27 | 8.1 High |
| OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks. This issue has been patched in versions 1.8.0a3 of the testing branch and 1.7.8 of the stable branch. The impact of this vulnerability is greatly reduced when using OctoPrint version 1.11.2 and newer. | ||||
| CVE-2025-6979 | 1 Arista | 1 Ng Firewall | 2025-10-27 | 8.8 High |
| Captive Portal can allow authentication bypass | ||||
| CVE-2021-32648 | 1 Octobercms | 1 October | 2025-10-24 | 8.2 High |
| octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. | ||||
| CVE-2021-39226 | 3 Fedoraproject, Grafana, Redhat | 5 Fedora, Grafana, Enterprise Linux and 2 more | 2025-10-24 | 9.8 Critical |
| Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated users are able to view the snapshot with the lowest database key by accessing the literal paths: /dashboard/snapshot/:key, or /api/snapshots/:key. If the snapshot "public_mode" configuration setting is set to true (vs default of false), unauthenticated users are able to delete the snapshot with the lowest database key by accessing the literal path: /api/snapshots-delete/:deleteKey. Regardless of the snapshot "public_mode" setting, authenticated users are able to delete the snapshot with the lowest database key by accessing the literal paths: /api/snapshots/:key, or /api/snapshots-delete/:deleteKey. The combination of deletion and viewing enables a complete walk through all snapshot data while resulting in complete snapshot data loss. This issue has been resolved in versions 8.1.6 and 7.5.11. If for some reason you cannot upgrade you can use a reverse proxy or similar to block access to the literal paths: /api/snapshots/:key, /api/snapshots-delete/:deleteKey, /dashboard/snapshot/:key, and /api/snapshots/:key. They have no normal function and can be disabled without side effects. | ||||
| CVE-2024-7593 | 1 Ivanti | 2 Virtual Traffic Management, Virtual Traffic Manager | 2025-10-24 | 9.8 Critical |
| Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2 allows a remote unauthenticated attacker to bypass authentication of the admin panel. | ||||
| CVE-2020-12812 | 1 Fortinet | 1 Fortios | 2025-10-24 | 9.8 Critical |
| An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. | ||||