92 matches found
EUVD-2025-7506
Malicious code in bioql PyPI...
EUVD-2025-8685
Malicious code in bioql PyPI...
EUVD-2025-7167
Malicious code in bioql PyPI...
EUVD-2025-10863
Malicious code in bioql PyPI...
EUVD-2025-7165
Malicious code in bioql PyPI...
EUVD-2025-8687
Malicious code in bioql PyPI...
PT-2025-28041 · Blackvue · Blackvue Dashcam 590X
Name of the Vulnerable Software and Affected Versions: BlackVue Dashcam 590X up to 20250624 Description: A critical issue affects some unknown functionality of the file /upload.cgi of the component Configuration Handler, leading to improper access controls. The attack must be initiated within the...
CVE-2025-6951 SAFECAM X300 FTP Service default credentials
A vulnerability classified as problematic was found in SAFECAM X300 up to 20250611. This vulnerability affects unknown code of the component FTP Service. The manipulation leads to use of default credentials. Access to the local network is required for this attack to succeed. The exploit has been...
CVE-2025-6916
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...
CVE-2025-6916 TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...
CVE-2025-6916
TOTOLINK T6 is affected (version 4.1.5cu.748_B20211015). The vulnerability resides in the Form_Login function of /formLoginAuth.htm, where manipulating the authCode/goURL parameter leads to missing authentication. Access is required from the local network, and the exploit has been publicly disclo...
CVE-2025-6916 TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication
A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...
CVE-2025-6532
The CVE-2025-6532 entry concerns NOYAFA/Xiami LF9 Pro devices (up to 20250611) with a vulnerability in the RTSP Live Video Stream Endpoint that leads to improper access controls. The issue is rooted in the component handling RTSP streams, allowing potential unauthorized access within the local ne...
PT-2025-26655 · Noyafa · Noyafa/Xiami Lf9 Pro
Name of the Vulnerable Software and Affected Versions: NOYAFA/Xiami LF9 Pro up to 20250611 Description: A problematic vulnerability was found in the RTSP Live Video Stream Endpoint component of the NOYAFA/Xiami LF9 Pro device. This issue leads to improper access controls, allowing for unauthorize...
CVE-2025-6528
A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...
CVE-2025-6528 70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication
A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...
CVE-2025-6525
A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...
CVE-2025-6525 70mai 1S Configuration Config.cgi improper authorization
A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...
CVE-2025-6525
CVE-2025-6525 affects 70mai 1S up to 20250611 with improper authorization in the Configuration Handler via /cgi-bin/Config.cgi?action=set. Exploitation requires local-network access; multiple feeds indicate publicly disclosed exploit and lack of vendor response. Impact is described as unauthorize...
PT-2025-26651
Name of the Vulnerable Software and Affected Versions: 70mai M300 up to 20250611 Description: A vulnerability has been found in the RTSP Live Video Stream Endpoint of the 70mai M300, affecting an unknown functionality of the file /livestream/12. This leads to improper authentication. The attack...