862 matches found
CVE-2023-7308
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated...
CVE-2025-53507
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under Product Status...
Meitrack T366G-L GPS Tracker Security Vulnerability
Meitrack T366G-L GPS Tracker is a vehicle GPS locator from Meitrack China. A security vulnerability exists in the Meitrack T366G-L GPS Tracker, which originates from improper access control of the SPI flash memory chip and could lead to the disclosure of sensitive configuration data...
CVE-2025-38648
In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its members. This resolves a warning...
DEBIAN-CVE-2025-38648
In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its members. This resolves a warning...
UBUNTU-CVE-2025-38648
In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its members. This resolves a warning...
CVE-2025-38648
CVE-2025-38648 refers to a Linux kernel issue in the stm32 SPI driver. The stm32_spi_probe now validates that the pointer returned by of_device_get_match_data (cfg) is non-NULL before accessing cfg->has_device_mode, preventing a potential NULL pointer dereference and possible system crash. If ...
CVE-2025-38648 spi: stm32: Check for cfg availability in stm32_spi_probe
In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32_spi_probe The stm32_spi_probe function now includes a check to ensure that the pointer returned by of_device_get_match_data is not NULL before accessing its members. This resolves a warning...
Moderate: Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage
A Subscription Management tool for finding and reporting Red Hat product usage Red Hat Discovery, also known as Discovery, is an inspection and reporting tool that finds, identifies, and reports environment data, or facts, such as the number of physical and virtual systems on a network, their...
CVE-2025-43988
KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint ajax_get.cgi, allowing remote attackers to retrieve sensitive configuration data, including admin credentials...
CVE-2025-55165
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...
CVE-2025-43988
KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint ajax_get.cgi, allowing remote attackers to retrieve sensitive configuration data, including admin credentials...
CVE-2025-55280 Information Disclosure Vulnerability in ZKTeco WL20
This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmware. An attacker with physical access could exploit this vulnerability by extracting the firmware and reverse engineering the binary data to access the...
CVE-2025-55280
CVE-2025-55280 (ZKTeco WL20): The device stores Wi‑Fi credentials, configuration data, and system data in plaintext inside its firmware. An attacker with physical access could extract the firmware, reverse‑engineer binaries, and read the sensitive data, potentially gaining unauthorized network a...
CVE-2025-43988
CVE-2025-43988 affects KuWFi 5G01‑X55 FL2020_V0.0.12. The device exposes an unauthenticated API endpoint (ajax_get.cgi), enabling remote retrieval of sensitive configuration data including admin credentials. Mitigation: disable or restrict access to the ajax_get.cgi endpoint (per PT‑security entr...
KuWFi 5G01-X55 Security Vulnerability
KuWFi 5G01-X55 is a WiFi router from KuWFi China. A security vulnerability exists in KuWFi 5G01-X55 FL2020_V0.0.12, which originates from an unauthenticated API endpoint and could lead to the disclosure of sensitive configuration data...
PT-2025-33072 · Kuwfi · Kuwfi 5G01-X55
Name of the Vulnerable Software and Affected Versions: KuWFi 5G01-X55 version FL2020 V0.0.12 Description: KuWFi 5G01-X55 devices expose an unauthenticated API endpoint ajax_get.cgi, allowing remote attackers to retrieve sensitive configuration data, including admin credentials. Recommendations:...
CVE-2025-43988
KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint ajax_get.cgi, allowing remote attackers to retrieve sensitive configuration data, including admin credentials...
CVE-2025-43988
KuWFi 5G01-X55 FL2020_V0.0.12 devices expose an unauthenticated API endpoint ajax_get.cgi, allowing remote attackers to retrieve sensitive configuration data, including admin credentials...
CVE-2025-55165 Autocaliweb Exposure of Sensitive Information to an Unauthorized Actor in `config_sql.py`
Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the todict method, used ...