Total
3738 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8196 | 1 Citrix | 8 4000-wo, 4100-wo, 5000-wo and 5 more | 2025-10-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in limited information disclosure to low privileged users. | |||||
| CVE-2020-8193 | 1 Citrix | 8 4000-wo, 4100-wo, 5000-wo and 5 more | 2025-10-30 | 5.0 MEDIUM | 6.5 MEDIUM |
| Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows unauthenticated access to certain URL endpoints. | |||||
| CVE-2022-23134 | 3 Debian, Fedoraproject, Zabbix | 3 Debian Linux, Fedora, Zabbix | 2025-10-30 | 5.0 MEDIUM | 3.7 LOW |
| After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. Malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend. | |||||
| CVE-2024-37085 | 1 Vmware | 2 Cloud Foundation, Esxi | 2025-10-30 | N/A | 6.8 MEDIUM |
| VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.com/vsphere/2012/09/joining-vsphere-hosts-to-active-directory.html by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | |||||
| CVE-2025-11633 | 1 Furbo | 4 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 1 more | 2025-10-30 | 2.6 LOW | 3.7 LOW |
| A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-41110 | 1 Ghostrobotics | 2 Vision 60, Vision 60 Firmware | 2025-10-30 | N/A | 8.8 HIGH |
| Encrypted WiFi and SSH credentials were found in the Ghost Robotics Vision 60 v0.27.2 APK. This vulnerability allows an attacker to connect to the robot's WiFi and view all its data, as it runs on ROS 2 without default authentication. In addition, the attacker can connect via SSH and gain full control of the robot, which could cause physical damage to the robot itself or its environment. | |||||
| CVE-2012-5887 | 1 Apache | 1 Tomcat | 2025-10-30 | 5.0 MEDIUM | N/A |
| The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with enforcement of proper credentials, which makes it easier for remote attackers to bypass intended access restrictions by sniffing the network for valid requests. | |||||
| CVE-2025-60424 | 2025-10-30 | N/A | 7.6 HIGH | ||
| A lack of rate limiting in the OTP verification component of Nagios Fusion v2024R1.2 and v2024R2 allows attackers to bypass authentication via a bruteforce attack. | |||||
| CVE-2025-64103 | 2025-10-30 | N/A | N/A | ||
| Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single factor auhtenticated sessions as valid as well and not require multiple factors. Bypassing second authentication factors weakens multifactor authentication and enables attackers to bypass the more secure factor. An attacker can target the TOTP code alone, only six digits, bypassing password verification entirely and potentially compromising accounts with 2FA enabled. This vulnerability is fixed in 4.6.0, 3.4.3, and 2.71.18. | |||||
| CVE-2025-56558 | 2025-10-30 | N/A | 7.5 HIGH | ||
| An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control other users' Dyson IoT devices remotely via MQTT. | |||||
| CVE-2025-25450 | 1 Mytaag | 1 Mytaag | 2025-10-30 | N/A | 5.1 MEDIUM |
| An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the deactivation of the activated second factor to the /session endpoint | |||||
| CVE-2025-25451 | 1 Mytaag | 1 Mytaag | 2025-10-30 | N/A | 5.1 MEDIUM |
| An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a physically proximate attacker to escalate privileges via the "2fa_authorized" Local Storage key | |||||
| CVE-2025-25452 | 1 Mytaag | 1 Mytaag | 2025-10-30 | N/A | 5.1 MEDIUM |
| An issue in TAAGSOLUTIONS GmbH MyTaag v.2024-11-24 and before allows a remote attacker to escalate privileges via the "/user" endpoint | |||||
| CVE-2019-0543 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 12 more | 2025-10-29 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2020-0688 | 1 Microsoft | 1 Exchange Server | 2025-10-29 | 9.0 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | |||||
| CVE-2025-9063 | 1 Rockwellautomation | 1 Factorytalk View | 2025-10-28 | N/A | 9.8 CRITICAL |
| An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more. | |||||
| CVE-2025-9064 | 1 Rockwellautomation | 1 Factorytalk View | 2025-10-28 | N/A | 9.1 CRITICAL |
| A path traversal security issue exists within FactoryTalk View Machine Edition, allowing unauthenticated attackers on the same network as the device to delete any file within the panels operating system. Exploitation of this vulnerability is dependent on the knowledge of filenames to be deleted. | |||||
| CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2025-10-28 | N/A | 9.8 CRITICAL |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2025-62717 | 1 Emlog | 1 Emlog | 2025-10-28 | N/A | 9.1 CRITICAL |
| Emlog is an open source website building system. In version 2.5.23, Emlog Pro is vulnerable to a session verification code error due to a clearing logic error. This means the verification code could be reused anywhere an email verification code is required. This issue has been fixed in commit 1f726df. | |||||
| CVE-2024-49039 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 8.8 HIGH |
| Windows Task Scheduler Elevation of Privilege Vulnerability | |||||