1072 matches found
CVE-2025-1977
The NPort 6100-G2/6200-G2 Series is affected by an execution with unnecessary privileges vulnerability (CVE-2025-1977) that allows an authenticated user with read-only access to perform unauthorized configuration changes through the MCC (Moxa CLI Configuration) tool. The issue can be exploited remote...
Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series Security Vulnerability
The Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series are both a series of secure terminal servers from Moxa Corporation of Taiwan, China. A security vulnerability exists in the Moxa NPort 6100-G2 Series and Moxa NPort 6200-G2 Series that originates from an authenticated user with read-only...
CVE-2024-58337
Akuvox Smart Intercom S539 contains an improper access control vulnerability that allows users with 'User' privileges to modify API access settings and configurations. Attackers can exploit this vulnerability to escalate privileges and gain unauthorized access to administrative functionalities...
CVE-2025-68926 RustFS has a gRPC Hardcoded Token Authentication Bypass
RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.78, RustFS implements gRPC authentication using a hardcoded static token "rustfs rpc" that is publicly exposed in the source code repository, hardcoded on both client and server sides, non-configurable...
CVE-2025-15153
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories being accessible. It is possible to launch the attack remotely. Attacks of this nature are...
CVE-2019-25250
The CVE covers Devolo dLAN 500 AV Wireless+ (firmware 3.1.0-1) with a cross-site request forgery flaw that allows triggering administrative actions via malicious pages when a logged-in user visits. Root cause stated across sources is lack of proper request validation enabling CSRF to trigger unau...
CVE-2025-61740
Johnson Controls IQ Panels2, 2+, IQHub, IQPanel 4 and PowerG are affected by an origin validation error where the device does not verify the source of a received packet. This can enable a denial-of-service or modification of device configuration (CVSS v4.0 base score 7.2). The connected documents...
PT-2025-52651
Name of the Vulnerable Software and Affected Versions: Network Device (affected versions not specified). Description: An issue exists where authentication does not properly verify the source of network packets. This could allow an attacker to create a denial-of-service condition or modify the device...
CVE-2025-14432
In limited scenarios, sensitive data might be written to the log file if an admin uses Microsoft Teams Admin Center (TAC) to make device configuration changes. The affected log file is visible only to users with admin credentials. This is limited to Microsoft TAC and does not affect configuration...
CVE-2025-41745 Reflected XSS vulnerability in pxc_portCntr2.php
An XSS vulnerability in pxc_portCntr2.php can be used by an unauthenticated remote attacker to trick an authenticated user into sending a manipulated POST request to the device in order to change parameters available via web-based management (WBM). The vulnerability does not provide access to system-leve...
EUVD-2025-201338
The CRM Memberships plugin for WordPress is vulnerable to unauthorized membership tag creation due to a missing capability check on the 'ntzcrmaddnewtag' function in all versions up to, and including, 2.5. This makes it possible for unauthenticated attackers to create arbitrary membership tags an...
WordPress Peer Publish plugin Cross-Site Request Forgery Vulnerability
The WordPress Peer Publish plugin is a tool for multi-author collaboration that allows users to submit posts to a WordPress blog for review and publication by other users. A cross-site request forgery vulnerability exists in WordPress Peer Publish plugin, which stems from a lack of random number...
OPENSUSE-SU-2025:20049-1 Security update for tiff
This update for tiff fixes the following issues: tiff was updated to 4.7.1. Software configuration changes: Define HAVE_JPEGTURBO_DUAL_MODE_8_12 and LERC_STATIC in tif_config.h. CMake: define WORDS_BIGENDIAN via tif_config.h. doc/CMakeLists.txt: remove useless cmake_minimum_required. CMake: fix build with...
Malicious code in jasmine-karma-innercore-csrf (npm)
Source: amazon-inspector 203c72244b8153dbfc6ea87c52825b1a48e6cc1db0147ae09eecb408d18f79d4 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in paleoecology-webdriver-manager-cli-outercore (npm)
Source: amazon-inspector a1702a5ded5d7db3c4166a15a439a1ab13253c487e4124cb1374ba85b937cfa5 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-189535 Malicious code in slidev-levels-install-jasmine (npm)
Source: amazon-inspector 09ab6a6244fda69cb617aec284412593aaf95900f028ed41c9805a71c843f185 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in imodiov-kufni-uavcseqaaba (npm)
Source: amazon-inspector 58f1e644b2ee581f6c33253618a58c48ad72b08f735d6e9a12ea9a6e9470b2f7 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...