Apple多款产品 安全漏洞

Apple iOS and others are products of Apple Inc. Apple iOS is an operating system developed for mobile devices. apple macOS is a specialized operating system developed for Mac computers. apple iPadOS is an operating system for iPad tablet computers. A security vulnerability exists in multiple Appl...

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

RiteCMS 安全漏洞

RiteCMS is an open source content management system based on php and sqlite. RiteCMS suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an attacker to execute arbitrary Web...

PT-2025-51796

Name of the Vulnerable Software and Affected Versions Fuji Electric Monitouch V-SFT-6 affected versions not specified Description The software contains a flaw due to an out-of-bounds write condition when handling a specifically designed project file. Successful exploitation of this issue could...

CVE-2025-65855

The OTA firmware update mechanism in Netun Solutions HelpFlash IoT firmware v18178221102ASCIIPRO1R550 uses hard-coded WiFi credentials identical across all devices and does not authenticate update servers or validate firmware signatures. An attacker with brief physical access can activate OTA mod...

CVE-2025-65855

The CVE-2025-65855 entry concerns Netun Solutions HelpFlash IoT. The OTA firmware update mechanism (firmware v18_178_221102_ASCII_PRO_1R5_50) uses hard-coded WiFi credentials shared across devices and does not authenticate update servers or validate firmware signatures. An attacker with brief phy...

CVE-2025-10888

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2025-10900

AA maliciously crafted MODEL file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2025-10887

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-10882

AA maliciously crafted XT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process...

CVE-2025-9456

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-10886

A maliciously crafted MODEL file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-9452

A maliciously crafted SLDPRT file, when parsed through certain Autodesk products, can force a Memory corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process...

CVE-2025-34288

Nagios XI versions prior to 2026R1.1 are vulnerable to local privilege escalation due to an unsafe interaction between sudo permissions and application file permissions. A user‑accessible maintenance script may be executed as root via sudo and includes an application file that is writable by a...

UNIX Symbolic Link (Symlink) Following

Overview nvidia-resiliency-ext is a NVIDIA Resiliency Package Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the log aggregation. An attacker can gain elevated privileges, execute arbitrary code, cause service disruption, access sensitive information,...

CVE-2025-66635

Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under References...

CVE-2025-66635

Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under References...

CVE-2025-66635

Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under References...

EUVD-2025-203525

Stack-based buffer overflow vulnerability exists in SEIKO EPSON Web Config. Specially crafted data input by a logged-in user may execute arbitrary code. As for the details of the affected products and versions, see the information provided by the vendor under References...

CVE-2025-14252

An Improper Access Control vulnerability in Advantech SUSI driver susi.sys allows attackers to read/write arbitrary memory, I/O ports, and MSRs, resulting in privilege escalation, arbitrary code execution, and information disclosure. This issue affects Advantech SUSI: 5.0.24335 and prior...