Total
306788 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-55631 | 1 Reolink | 1 Smart 2k+ Video Doorbell | 2025-08-23 | 7.5 High |
Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to manage users' sessions system-wide instead of on an account-by-account basis, potentially leading to a Denial of Service (DoS) via resource exhaustion. | ||||
CVE-2025-55634 | 1 Reolink | 1 Smart 2k+ Video Doorbell | 2025-08-23 | 7.5 High |
Incorrect access control in the RTMP server settings of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to cause a Denial of Service (DoS) via initiating a large number of simultaneous ffmpeg-based stream pushes. | ||||
CVE-2025-4650 | 1 Centreon | 2 Centreon, Centreon Web | 2025-08-23 | 7.2 High |
A user with high privileges is able to introduce a SQLi using the Meta Service indicator page. Caused by an Improper Neutralization of Special Elements used in an SQL Command. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26. | ||||
CVE-2025-55630 | 1 Reolink | 1 Smart 2k+ Video Doorbell | 2025-08-23 | 7.3 High |
A discrepancy in the error message returned by the login function of Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 when entering the wrong username and password allows attackers to enumerate existing accounts. | ||||
CVE-2025-55620 | 1 Reolink | 1 Reolink | 2025-08-23 | 6.1 Medium |
A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2025-55625 | 1 Reolink | 1 Reolink | 2025-08-23 | 6.5 Medium |
An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. | ||||
CVE-2025-55622 | 1 Reolink | 1 Reolink | 2025-08-23 | 6.5 Medium |
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. | ||||
CVE-2025-6791 | 1 Centreon | 2 Centreon, Centreon Web | 2025-08-23 | 8.8 High |
On the monitoring event logs page, it is possible to alter the HTTP request to insert a payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web (Monitoring event logs modules) allows SQL Injection. This issue affects web: from 24.10.0 before 24.10.9, from 24.04.0 before 24.04.16, from 23.10.0 before 23.10.26. | ||||
CVE-2025-55637 | 1 Reolink | 1 Smart 2k+ Video Doorbell | 2025-08-23 | 6.5 Medium |
Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 was discovered to contain a command injection vulnerability via the setddns_pip_system() function. | ||||
CVE-2025-55619 | 2 Google, Reolink | 2 Android, Reolink | 2025-08-23 | N/A |
Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering. | ||||
CVE-2025-55626 | 1 Reolink | 1 Smart 2k+ Video Doorbell | 2025-08-23 | 5.3 Medium |
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage. | ||||
CVE-2025-55624 | 1 Reolink | 1 Reolink | 2025-08-23 | 5.3 Medium |
An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components. | ||||
CVE-2025-55623 | 2 Google, Reolink | 2 Android, Reolink | 2025-08-23 | 5.4 Medium |
An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication by using ADB (Android Debug Bridge). | ||||
CVE-2025-26496 | 4 Linux, Microsoft, Salesforce and 1 more | 6 Linux, Windows, Tableau Desktop and 3 more | 2025-08-23 | 9.6 Critical |
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Salesforce Tableau Server, Tableau Desktop on Windows, Linux (File Upload modules) allows Local Code Inclusion. This issue affects Tableau Server, Tableau Desktop: before 2025.1.3, before 2024.2.12, before 2023.3.19. | ||||
CVE-2025-55629 | 1 Reolink | 1 Smart 2k+ Video Doorbell | 2025-08-23 | 6.5 Medium |
Insecure permissions in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allow attackers to arbitrarily change other users' passwords via manipulation of the userName value. | ||||
CVE-2025-55621 | 1 Reolink | 1 Reolink | 2025-08-23 | 6.5 Medium |
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. | ||||
CVE-2025-7841 | 2 Sertifier, Wordpress | 2 Certificates-open-badges Plugin, Wordpress | 2025-08-23 | 4.3 Medium |
The Sertifier Certificate & Badge Maker for WordPress – Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19. This is due to missing or incorrect nonce validation on the 'sertifier_settings' page. This makes it possible for unauthenticated attackers to update the plugin's API key via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2025-7827 | 3 Anzia, Woocommerce, Wordpress | 3 Ni Woocommerce Customer Product Report, Woocommerce, Wordpress | 2025-08-23 | 4.3 Medium |
The Ni WooCommerce Customer Product Report plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ni_woocpr_action() function in all versions up to, and including, 1.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings. | ||||
CVE-2025-7839 | 2 Pokornydavid, Wordpress | 2 Restore Delete Post Or Page Data Plugin, Wordpress | 2025-08-23 | 4.3 Medium |
The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rp_dpo_dpa_ajax_dp_delete_data() function. This makes it possible for unauthenticated attackers to delete data via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2025-8309 | 1 Manageengine | 3 Assetexplorer, Servicedesk Plus, Supportcenter Plus | 2025-08-23 | 8.1 High |
There is an improper privilege management vulnerability identified in ManageEngine's Asset Explorer, ServiceDesk Plus, ServiceDesk Plus MSP, and SupportCenter Plus products by Zohocorp. This vulnerability impacts Asset Explorer versions before 7710, ServiceDesk Plus versions before 15110, ServiceDesk Plus MSP versions before 14940, and SupportCenter Plus versions before 14940. |