123 matches found

Cvelist
added 2025/12/18 3:10 p.m. | 20 views

CVE-2025-65007 Missing Authentication for Critical Function in WODESYS WD-R608U router

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

CVSS 8.7 | EPSS 0.00262
Exploits: 0 | References: 3

Positive Technologies
added 2025/12/18 12:0 a.m. | 3 views

PT-2025-52246

In WODESYS WD-R608U router also known as WDR122B V2.0 and WDR28 due to lack of authentication in the configuration change module in the adm.cgi endpoint, the unauthenticated attacker can execute commands including backup creation, device restart and resetting the device to factory settings. The...

CVSS 8.7 | AI score 7.5 | EPSS 0.00262
Exploits: 0 | References: 4

OSV
added 2025/10/23 2:15 p.m. | 3 views

CVE-2025-53702

Vilar VS-IPC1002 IP cameras are vulnerable to DoS Denial-of-Service attacks. An unauthenticated attacker on the same local network might send a crafted request to /cgi-bin/action endpoint and render the device completely unresponsive. A manual restart of the device is required. The vendor did not...

CVSS 6.5 | AI score 5.8 | EPSS 0.00209
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2025-30773

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00636
Exploits: 2 | References: 3

RedhatCVE
added 2025/09/24 11:33 a.m. | 7 views

CVE-2025-9983

GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only...

CVSS 7.1 | AI score 7 | EPSS 0.00636
Exploits: 2 | References: 1

Cvelist
added 2025/09/22 11:6 a.m. | 10 views

CVE-2025-9983 Lack of Authentication for RTSP stream

GALAYOU G2 cameras stream video output via RTSP streams. By default these streams are protected by randomly generated credentials. However these credentials are not required to access the stream. Changing these values does not change camera's behavior. The vendor did not respond in any way. Only...

CVSS 7.1 | EPSS 0.00636
Exploits: 2 | References: 2

CVE
added 2025/09/22 11:6 a.m. | 22 views

CVE-2025-9983

The CVE-2025-9983 affects GALAYOU G2 IP cameras, where RTSP streams can be accessed without valid credentials. The issue arises because default credentials are not required to access streams, and changing them does not affect behavior, indicating an authentication bypass in the RTSP service. Affe...

CVSS 7.1 | AI score 6.6 | EPSS 0.00636
Exploits: 2 | References: 2

Positive Technologies
added 2025/08/28 12:0 a.m. | 4 views

PT-2025-34982

Name of the Vulnerable Software and Affected Versions: QuickCMS version 6.8 Description: QuickCMS is susceptible to Reflected Cross-Site Scripting XSS through the sSort parameter within the admin panel functionality. An attacker can leverage this to execute arbitrary JavaScript code in a victim’s...

CVSS 6.1 | AI score 6.2 | EPSS 0.00236
Exploits: 0 | References: 9

Tenable Nessus
added 2025/03/05 12:0 a.m. | 14 views

FreeBSD : electron{32,33} -- multiple vulnerabilities (f4f3e001-402b-4d6d-8efa-ab11fcf8de2b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f4f3e001-402b-4d6d-8efa-ab11fcf8de2b advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...

CVSS 8.8 | AI score 7.6 | EPSS 0.00648
Exploits: 0 | References: 7

Tenable Nessus
added 2024/11/06 12:0 a.m. | 18 views

FreeBSD : chromium -- multiple security fixes (ab254c9d-9c36-11ef-8c1c-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ab254c9d-9c36-11ef-8c1c-a8a1599412c6 advisory. Chrome Releases reports: This update includes 2 security fixes: Tenable has extracted the...

CVSS 8.8 | AI score 8.3 | EPSS 0.00637
Exploits: 0 | References: 4

Tenable Nessus
added 2024/10/01 12:0 a.m. | 15 views

FreeBSD : chromium -- multiple security fixes (2f82696c-adad-447b-9938-c99441805fa3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 2f82696c-adad-447b-9938-c99441805fa3 advisory. Chrome Releases reports: This update includes 5 security fixes: Tenable has extracted the...

CVSS 8.8 | AI score 7.9 | EPSS 0.0585
Exploits: 3 | References: 6

Packet Storm
added 2024/08/31 12:0 a.m. | 289 views

QNAP QTS and Photo Station Local File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'QNAP QTS and Photo Station Local File Inclusion', 'Description' = %q This module exploits a local file inclusion in QNAP QTS and Photo Station th...

CVSS 9.8 | AI score 7 | EPSS 0.89681
Exploits: 11

Tenable Nessus
added 2024/08/22 12:0 a.m. | 23 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42225)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42225 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skbput with skbputze...

CVSS 7.5 | AI score 6 | EPSS 0.00478
Exploits: 0 | References: 2

Tenable Nessus
added 2024/08/11 12:0 a.m. | 66 views

CBL Mariner 2.0 Security Update: kernel (CVE-2024-26900)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26900 advisory. - In the Linux kernel, the following vulnerability has been resolved: md: fix kmemleak of rdev-serial If...

CVSS 5.5 | AI score 6 | EPSS 0.00287
Exploits: 0 | References: 2

Packet Storm
added 2024/04/22 12:0 a.m. | 221 views

SofaWiki 3.9.2 Shell Upload

Exploit Title: SofaWiki 3.9.2 - Remote Command Execution RCE Authenticated Discovered by: Ahmet Ümit BAYRAM Discovered Date: 18.04.2024 Vendor Homepage: https://www.sofawiki.com Software Link: https://www.sofawiki.com/site/files/snapshot.zip Tested Version: v3.9.2 latest Tested on: MacOS import...

AI score 7.4
Exploits: 0

Exploit DB
added 2024/04/21 12:0 a.m. | 310 views

FlatPress v1.3 - Remote Command Execution

Exploit Title: FlatPress v1.3 - Remote Command Execution Discovered by: Ahmet Ümit BAYRAM Discovered Date: 19.04.2024 Vendor Homepage: https://www.flatpress.org Software Link: https://github.com/flatpressblog/flatpress/archive/1.3.zip Tested Version: 1.3 latest Tested on: MacOS import requests...

AI score 7.4
Exploits: 0

Tenable Nessus
added 2023/11/18 12:0 a.m. | 29 views

CBL Mariner 2.0 Security Update: memcached (CVE-2023-46853)

The version of memcached installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-46853 advisory. - In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \...

CVSS 9.8 | AI score 8.2 | EPSS 0.00756
Exploits: 0 | References: 2

0day.today
added 2023/09/04 12:0 a.m. | 178 views

NVClient v5.0 - Stack Buffer Overflow Exploit

Exploit Title: NVClient v5.0 - Stack Buffer Overflow DoS Discovered by: Ahmet Ümit BAYRAM Software Link: http://www.neonguvenlik.com/yuklemeler/yazilim/kst-f919-hd2004.rar Software Manual: http://download.eyemaxdvr.com/DVST%20ST%20SERIES/CMS/Video%20Surveillance%20Management%20SoftwareV5.0.pdf...

AI score 7.1
Exploits: 0

0day.today
added 2023/05/23 12:0 a.m. | 245 views

WordPress Backup Migration 1.2.8 Plugin - Unauthenticated Database Backup Vulnerability

Exploit Title: WordPress Plugin Backup Migration 1.2.8 - Unauthenticated Database Backup Google Dork: intitle:"Index of /wp-content/plugins/backup-backup" AND inurl:"plugins/backup-backup/" Exploit Author: Wadeek Vendor Homepage: https://backupbliss.com/ Software Link:...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2023/03/28 12:0 a.m. | 38 views

CBL Mariner 2.0 Security Update: vim (CVE-2022-1674)

The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-1674 advisory. - NULL Pointer Dereference in function vimregexecstring at regexp.c:2733 in GitHub repository vim/vim prior to...

CVSS 6.6 | AI score 6.6 | EPSS 0.0149
Exploits: 1 | References: 2