185 matches found
CVE-2025-7075 BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within...
CVE-2025-7070 IROAD Dashcam Q9 MFA Pairing Request allocation of resources
A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local...
CVE-2025-6916
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...
CVE-2025-6532
A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the...
CVE-2025-6526
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...
CVE-2025-6532
A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the...
CVE-2025-6528 70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication
A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...
CVE-2025-6526 70mai M300 HTTP Server insufficiently protected credentials
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...
CVE-2025-6526
CVE-2025-6526 affects 70mai M300 up to 20250611, specifically the HTTP Server component. The vulnerability arises from insufficient protection of credentials, enabling an attack that can be performed from within the local network. The documented attack complexity is high and exploitation is descr...
CVE-2025-6525 70mai 1S Configuration Config.cgi improper authorization
A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...
PT-2025-26649
Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue has been found in the HTTP Server component, leading to insufficiently protected credentials. The attack can only be done within the local network and has a high complexity,...
PT-2025-26650
Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue was found in the Web Server component, affecting an unknown function. This leads to improper access controls. The attack can only be initiated within the local network and ha...
CVE-2025-6139 TOTOLINK T10 shadow.sample hard-coded password
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...
CVE-2025-6139
CVE-2025-6139 affects TOTOLINK T10, version 4.1.8cu.5207. A vulnerability in the file /etc/shadow.sample allows use of a hard-coded password due to trust-management weaknesses. Attack requires proximity (local network) with high complexity, and the vulnerability potentially impacts confidentialit...
Exploit for Use After Free in Apple Ipados
CVE-2025-24252 iOS "Airborne" Vulnerabilities - Log Artifact E...
CVE-2023-39535
AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability...
CVE-2023-35838
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while...
CVE-2022-28375
Verizon 5G Home LVSKIHP OutDoorUnit ODU 3.33.101.0 does not property sanitize user-controlled parameters within the crtcswitchsimprofile function of the crtcrpc JSON listener. A remote attacker on the local network can inject shell metacharacters into /usr/lib/lua/5.1/luci/controller/rpc.lua to...
CVE-2012-3887
AirDroid before 1.0.7 beta uses a cleartext base64 format for data transfer that is documented as an "Encrypted Transmission" feature, which allows remote attackers to obtain sensitive information by sniffing the local wireless network, as demonstrated by the SMS message content sent to the...
CVE-2025-4446
A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function EditListSSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs to be approached within the local network...