CVE-2025-6916 TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

CVE-2025-6916

TOTOLINK T6 is affected (version 4.1.5cu.748_B20211015). The vulnerability resides in the Form_Login function of /formLoginAuth.htm, where manipulating the authCode/goURL parameter leads to missing authentication. Access is required from the local network, and the exploit has been publicly disclo...

CVE-2025-6916 TOTOLINK T6 formLoginAuth.htm Form_Login missing authentication

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

CVE-2025-6532

The CVE-2025-6532 entry concerns NOYAFA/Xiami LF9 Pro devices (up to 20250611) with a vulnerability in the RTSP Live Video Stream Endpoint that leads to improper access controls. The issue is rooted in the component handling RTSP streams, allowing potential unauthorized access within the local ne...

PT-2025-26655 · Noyafa · Noyafa/Xiami Lf9 Pro

Name of the Vulnerable Software and Affected Versions: NOYAFA/Xiami LF9 Pro up to 20250611 Description: A problematic vulnerability was found in the RTSP Live Video Stream Endpoint component of the NOYAFA/Xiami LF9 Pro device. This issue leads to improper access controls, allowing for unauthorize...

CVE-2025-6531 SIFUSM/MZZYG BD S1 RTSP Live Video Stream Endpoint access control

A vulnerability was found in SIFUSM/MZZYG BD S1 up to 20250611. It has been declared as problematic. This vulnerability affects unknown code of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. Access to the local network is required for this attac...

CVE-2025-6528

A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...

CVE-2025-6528 70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication

A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...

CVE-2025-6525

A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...

CVE-2025-6525 70mai 1S Configuration Config.cgi improper authorization

A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...

CVE-2025-6525

CVE-2025-6525 affects 70mai 1S up to 20250611 with improper authorization in the Configuration Handler via /cgi-bin/Config.cgi?action=set. Exploitation requires local-network access; multiple feeds indicate publicly disclosed exploit and lack of vendor response. Impact is described as unauthorize...

PT-2025-26651

Name of the Vulnerable Software and Affected Versions: 70mai M300 up to 20250611 Description: A vulnerability has been found in the RTSP Live Video Stream Endpoint of the 70mai M300, affecting an unknown functionality of the file /livestream/12. This leads to improper authentication. The attack...

📄 RustFly 2.0.0 Remote Code Execution

RustFly version 2.0.0 contains a critical vulnerability in its remote input processing layer that allows unauthenticated attackers to achieve remote code execution. RustFly v2.0.0- Remote Code Execution RCE Exploit Title: RustFly v2.0.0- Remote Code Execution RCE Date: 2025-05-29 Exploit Author:...

CVE-2024-21040

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-21024

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-21023

Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite component: LOV. Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2024-21906

An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823...

CVE-2023-22815

Post-authentication remote command injection vulnerability in Western Digital My Cloud OS 5 devices that could allow an attacker to execute code in the context of the root user on vulnerable CGI files. This vulnerability can only be exploited over the network and the attacker must already have...

CVE-2023-34976

A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: Video Station 5.7.0 2023/07/27 and later...

CVE-2023-23373

An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 2023/06/15 and later...