CVE-2025-13806

CVE-2025-13806 affects nutzam NutzBoot up to 2.6.0-SNAPSHOT. The vulnerability concerns the Transaction API’s EthModule.java, where manipulation of the from/to/wei arguments enables improper authorization. Remote exploitation is possible, and exploits have been publicly disclosed. Multiple source...

CVE-2025-10326 MiczFlor RPi-Jukebox-RFID single.php os command injection

A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been...

CVE-2024-32897

In ProtocolCdmaCallWaitingIndAdapter::GetCwInfo of protocolsmsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...

CVE-2023-35652

In ProtocolEmergencyCallListIndAdapter::Init of protocolcalladapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation...

B&R Industrial Automation Automation Studio 4

1. EXECUTIVE SUMMARY CVSS v3 8.3 ATTENTION: Exploitable remotely Vendor: B&R Industrial Automation Equipment: Automation Studio 4 Vulnerability: Unrestricted Upload of File with Dangerous Type 2. RISK EVALUATION An attacker could leverage this vulnerability to execute code within the context of...