Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
Published: 15/11/2025 00:15:48
Last modified: 15/11/2025 00:15:48
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
Published: 15/11/2025 00:15:47
Last modified: 15/11/2025 00:15:47
A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. This vulnerability affects the function scandir_main of the file /portal/__ajax_exporer.sgi. The manipulation of the argument en results in stack-based buffer overflow. The attack may be performed remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 15/11/2025 07:15:46
Last modified: 15/11/2025 07:15:46
A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta. This issue affects the function soapcgi_main of the file /soap.cgi. This manipulation causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 15/11/2025 07:15:46
Last modified: 15/11/2025 07:15:46
A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. This affects the function genacgi_main of the file gena.cgi. The manipulation of the argument SERVER_ID/HTTP_SID leads to stack-based buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 15/11/2025 06:15:43
Last modified: 15/11/2025 06:15:43
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Published: 14/11/2025 16:15:58
Last modified: 15/11/2025 02:00:01
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder and placing a same-basename script, Nero BackItUp renders the file as a folder icon and then invokes ShellExecuteW, which executes the script via PATHEXT fallback (.COM/.EXE/.BAT/.CMD). The issue affects recent Nero BackItUp product lines (2019-2025 and earlier) and has been acknowledged by the vendor.
Published: 14/11/2025 19:16:01
Last modified: 14/11/2025 20:15:47
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 exploitable remotely for Escalation of Privileges.
Published: 14/11/2025 18:15:48
Last modified: 14/11/2025 19:15:59
A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Published: 14/11/2025 23:15:43
Last modified: 14/11/2025 23:15:43
The Import any XML, CSV or Excel File to WordPress (WP All Import) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 3.9.6. This is due to the use of eval() on unsanitized user-supplied input in the pmxi_if function within helpers/functions.php. This makes it possible for authenticated attackers, with import capabilities (typically administrators), to inject and execute arbitrary PHP code on the server via crafted import templates. This can lead to remote code execution.
Published: 13/11/2025 04:15:46
Last modified: 14/11/2025 16:42:03
The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to privilege escalation. This is due to the plugin not properly validating a user's identity prior to allowing them to modify their own role via the REST API. The permission check in the update_item_permissions_check() function returns true when a user updates their own account without verifying the role changes. This makes it possible for authenticated attackers, with student-level access and above, to escalate their privileges to administrator by updating their own roles array via a crafted REST API request. Another endpoint intended for instructors also provides an attack vector. Affected version ranges are 3.5.3-3.41.2, 4.0.0-4.21.3, 5.0.0-5.10.0, 6.0.0-6.11.0, 7.0.0-7.8.7, 8.0.0-8.0.7, 9.0.0-9.0.7, 9.1.0.
Published: 13/11/2025 04:15:44
Last modified: 14/11/2025 16:42:03
An issue in Intermesh BV GroupOffice before v.25.0.47 and 6.8.136 allows a remote attacker to execute arbitrary code via dbToApi() and eval() in FunctionField.php.
Published: 13/11/2025 19:15:48
Last modified: 14/11/2025 17:16:14
The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code.
Published: 13/11/2025 19:15:47
Last modified: 14/11/2025 16:42:03
A stack-based buffer overflow exists in the httpd binary of Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The apply_cgi and block_cgi functions copy user-supplied input from the "url" CGI parameter into stack buffers (v36, v29) using sprintf without bounds checking. Because these buffers are allocated as single-byte variables, any non-empty input will trigger a buffer overflow. Remote attackers can exploit this vulnerability via crafted HTTP requests to execute arbitrary code or cause denial of service without authentication.
Published: 13/11/2025 17:15:49
Last modified: 14/11/2025 16:42:03
A stack-based buffer overflow exists in the get_merge_ipaddr function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). The function concatenates up to four user-supplied CGI parameters matching
Published: 13/11/2025 17:15:48
Last modified: 14/11/2025 16:42:03
pgAdmin versions up to 9.9 are affected by a Remote Code Execution (RCE) vulnerability that occurs when running in server mode and performing restores from PLAIN-format dump files. This issue allows attackers to inject and execute arbitrary commands on the server hosting pgAdmin, posing a critical risk to the integrity and security of the database management system and underlying data.
Published: 13/11/2025 13:15:44
Last modified: 14/11/2025 16:42:03
A vulnerability in Cisco Catalyst Center Virtual Appliance could allow an authenticated, remote attacker to elevate privileges to Administrator on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to perform unauthorized modifications to the system, including creating new user accounts or elevating their own privileges on an affected system. To exploit this vulnerability, the attacker must have valid credentials for a user account with at least the role of Observer.
Published: 13/11/2025 17:15:45
Last modified: 14/11/2025 16:42:03
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2_FWv1.10CNB05_R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated using sprintf() into another 512-byte buffer containing a 29-byte constant. Input exceeding 481 bytes triggers a stack buffer overflow, allowing an attacker who can control /proc/version content to potentially execute arbitrary code on the device.
Published: 13/11/2025 20:15:51
Last modified: 14/11/2025 18:15:50
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance Metadata Service (IMDS). By bypassing IMDSv2 protection through custom header injection, attackers can extract temporary AWS IAM credentials for the EKS node role, leading to complete compromise of the Kubernetes cluster and associated AWS infrastructure. Version 3.13.1 fixes the issue.
Published: 13/11/2025 20:15:53
Last modified: 14/11/2025 16:42:03
IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 nimsh service SSL/TLS implementations could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56347.
Published: 13/11/2025 22:15:51
Last modified: 14/11/2025 16:42:03
IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 store NIM private keys used in NIM environments in an insecure way, which is susceptible to unauthorized access by an attacker using man-in-the-middle techniques.
Published: 13/11/2025 22:15:50
Last modified: 14/11/2025 16:42:03
IBM AIX 7.2 and 7.3 and IBM VIOS 3.1 and 4.1 NIM server (formerly known as NIM master) service (nimesis) could allow a remote attacker to execute arbitrary commands due to improper process controls. This addresses additional attack vectors for a vulnerability that was previously addressed in CVE-2024-56346.
Published: 13/11/2025 22:15:50
Last modified: 14/11/2025 16:42:03
Evervault is a payment security solution. A vulnerability was identified in the `evervault-go` SDK’s attestation verification logic in versions of `evervault-go` prior to 1.3.2 that may allow incomplete documents to pass validation. This may cause the client to trust an enclave operator that does not meet expected integrity guarantees. The exploitability of this issue is limited in Evervault-hosted environments as an attacker would require the pre-requisite ability to serve requests from specific evervault domain names, following from our ACME challenge based TLS certificate acquisition pipeline. The vulnerability primarily affects applications which only check PCR8. Though the efficacy is also reduced for applications that check all PCR values, the impact is largely remediated by checking PCR 0, 1 and 2. The identified issue has been addressed in version 1.3.2 by validating attestation documents before storing in the cache, and replacing the naive equality checks with a new SatisfiedBy check. Those who use `evervault-go` to attest Enclaves that are hosted outside of Evervault environments and cannot upgrade have two possible workarounds available. Modify the application logic to fail verification if PCR8 is not explicitly present and non-empty and/or add custom pre-validation to reject documents that omit any required PCRs.
Published: 12/11/2025 21:15:53
Last modified: 14/11/2025 18:15:51
free5gc v4.1.0 and before is vulnerable to Buffer Overflow. When AMF receives an UplinkRANConfigurationTransfer NGAP message from a gNB, the AMF process crashes.
Published: 12/11/2025 19:15:37
Last modified: 14/11/2025 16:42:30
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents.
Published: 12/11/2025 19:15:36
Last modified: 14/11/2025 16:42:30
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 allows attackers to execute arbitrary code via a crafted POST request to admin.php?p=ads&c=1.
Published: 12/11/2025 19:15:36
Last modified: 14/11/2025 16:42:30
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request for a realm matching a DNS zone where they created SRV records pointing to arbitrary ports and hostnames (which may resolve to loopback or internal IP addresses). This vulnerability can be exploited to probe internal network topology and firewall rules, perform port scanning, and exfiltrate data. Deployments where the "use_dns" setting is explicitly set to false are not affected.
Published: 12/11/2025 17:15:38
Last modified: 14/11/2025 16:42:30
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
Published: 12/11/2025 16:15:37
Last modified: 13/11/2025 16:15:55
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.
Published: 12/11/2025 16:15:36
Last modified: 13/11/2025 16:15:53
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
Published: 12/11/2025 16:15:36
Last modified: 13/11/2025 16:15:55
Tenda AC15 (v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. An attacker with network access or the ability to run JS in a victim browser can steal the cookie and replay it to access protected resources.
Published: 12/11/2025 15:15:38
Last modified: 13/11/2025 18:15:54
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to access the system with elevated privileges.
Published: 12/11/2025 08:15:41
Last modified: 12/11/2025 17:15:36
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with elevated privileges.
Published: 12/11/2025 08:15:41
Last modified: 12/11/2025 17:15:36
N-central < 2025.4 is vulnerable to authentication bypass via path traversal.
Published: 12/11/2025 16:15:35
Last modified: 14/11/2025 19:32:19
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization.
Published: 12/11/2025 16:15:35
Last modified: 14/11/2025 19:31:50
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file
Published: 12/11/2025 16:15:36
Last modified: 13/11/2025 16:15:53
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published: 12/11/2025 17:15:36
Last modified: 14/11/2025 16:42:30
A flaw was found in the Observability Operator. The Operator creates a ServiceAccount with *ClusterRole* upon deployment of the *Namespace-Scoped* Custom Resource MonitorStack. This issue allows an adversarial Kubernetes Account with only namespaced-level roles, for example, a tenant controlling a namespace, to create a MonitorStack in the authorized namespace and then elevate permission to the cluster level by impersonating the ServiceAccount created by the Operator, resulting in privilege escalation and other issues.
Published: 12/11/2025 17:15:37
Last modified: 14/11/2025 16:42:30
Dell Data Lakehouse, versions prior to 1.6.0.0, contain an Improper Access Control vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. This vulnerability is considered Critical, as it may result in unauthorized access with elevated privileges, compromising system integrity and customer data. Dell recommends customers upgrade to the latest version at the earliest opportunity.
Published: 12/11/2025 21:15:50
Last modified: 14/11/2025 16:42:30
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
Published: 12/11/2025 20:15:42
Last modified: 14/11/2025 16:42:30
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution.
Published: 12/11/2025 20:15:42
Last modified: 14/11/2025 16:42:30