3635 matches found

Cvelist
added 2025/09/11 1:32 p.m. | 11 views

CVE-2025-10252 SEAT Queue Ticket Kiosk Java RMI Registry deserialization

A flaw has been found in SEAT Queue Ticket Kiosk up to 20250827. This affects an unknown part of the component Java RMI Registry Handler. This manipulation causes deserialization. The attack can only be done within the local network. The attack is considered to have high complexity. It is indicat...

CVSS 3.1 | EPSS 0.00224
Exploits 0 | References 3

CVE
added 2025/09/11 1:32 p.m. | 14 views

CVE-2025-10252

CVE-2025-10252 affects SEAT Queue Ticket Kiosk (up to 20250827) via a deserialization flaw in the Java RMI Registry Handler. The issue is exploitable only over a local network, with high attack complexity and low overall impact per CVSS metrics (LOW). The vendor has not responded to disclosures. ...

CVSS 3.1 | AI score 5.8 | EPSS 0.00224
Exploits 0 | References 3

NVD
added 2025/09/11 12:15 p.m. | 4 views

CVE-2025-10250

A weakness has been identified in DJI Mavic Spark, Mavic Air and Mavic Mini 01.00.0500. Affected is an unknown function of the component Telemetry Channel. Executing manipulation can lead to use of hard-coded cryptographic key. The attacker needs to be present on the local network. A high...

CVSS 5 | EPSS 0.00226
Exploits 0 | References 4

Positive Technologies
added 2025/09/11 12:0 a.m. | 5 views

PT-2025-37182

Name of the Vulnerable Software and Affected Versions: SEAT Queue Ticket Kiosk versions up to 20250827
Description: A flaw exists in the Java RMI Registry Handler component of SEAT Queue Ticket Kiosk. This issue allows for deserialization, and can only be exploited within a local network. The...

CVSS 3.1 | AI score 3.4 | EPSS 0.00224
Exploits 0 | References 5

Vulnrichment
added 2025/09/10 9:2 p.m. | 2 views

CVE-2025-10216 GrandNode Voucher ConfirmOrder race condition

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attac...

CVSS 2.6 | AI score 6.2 | EPSS 0.00167
Exploits 0 | References 3

Positive Technologies
added 2025/09/10 12:0 a.m. | 3 views

PT-2025-37100

Name of the Vulnerable Software and Affected Versions: GrandNode versions prior to 2.3.0
Description: A flaw exists in GrandNode up to version 2.3.0 within the Voucher Handler component, specifically in the /checkout/ConfirmOrder/ file. Manipulation of the giftvouchercouponcode argument can trigg...

CVSS 2.6 | AI score 3.4 | EPSS 0.00167
Exploits 0 | References 6

ICS
added 2025/09/09 6:0 a.m. | 7 views

Rockwell Automation FactoryTalk Optix

RISK EVALUATION: Successful exploitation of this vulnerability could result in an attacker achieving remote code execution.
2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network exposure for all...

CVSS 8.8 | AI score 7.5 | EPSS 0.00519
Exploits 0 | References 10

NVD
added 2025/09/08 10:15 p.m. | 4 views

CVE-2025-58451

Cattown is a JavaScript markdown parser. Versions prior to 1.0.2 used regular expressions with inefficient, potentially exponential worst-case complexity. This could cause excessive CPU usage due to excessive backtracking on crafted inputs. In turn, the excessive CPU usage could lead to resource...

CVSS 8.7 | EPSS 0.00312
Exploits 0 | References 2

NVD
added 2025/09/08 4:15 a.m. | 18 views

CVE-2025-10080

A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key. The...

CVSS 3.1 | EPSS 0.00235
Exploits 0 | References 4

RedhatCVE
added 2025/09/04 5:30 p.m. | 3 views

CVE-2025-9828

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitabili...

CVSS 6.3 | AI score 6.9 | EPSS 0.00315
Exploits 1 | References 1

RedhatCVE
added 2025/09/04 1:30 a.m. | 4 views

CVE-2025-9806

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high...

CVSS 1.9 | AI score 6.6 | EPSS 0.00145
Exploits 0 | References 1

RedhatCVE
added 2025/09/03 10:29 p.m. | 10 views

CVE-2025-9799

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

CVSS 5 | AI score 6.6 | EPSS 0.00257
Exploits 1 | References 1

NVD
added 2025/09/02 5:15 p.m. | 8 views

CVE-2025-9828

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitabili...

CVSS 6.3 | EPSS 0.00315
Exploits 1 | References 5

OSV
added 2025/09/02 5:15 p.m. | 4 views

CVE-2025-9828

A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. This attack is characterized by high complexity. The exploitabili...

CVSS 5.9 | AI score 5.3 | EPSS 0.00315
Exploits 1 | References 5

RedhatCVE
added 2025/09/02 2:44 p.m. | 5 views

CVE-2025-9731

A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity...

CVSS 7 | AI score 6.2 | EPSS 0.00131
Exploits 0 | References 1

Vulnrichment
added 2025/09/01 10:2 p.m. | 2 views

CVE-2025-9799 Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery

A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request...

CVSS 5 | AI score 6.2 | EPSS 0.00257
Exploits 1 | References 5

NVD
added 2025/09/01 12:15 p.m. | 4 views

CVE-2025-9778

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

CVSS 7 | EPSS 0.0013
Exploits 0 | References 6

Cvelist
added 2025/09/01 12:2 p.m. | 8 views

CVE-2025-9778 Tenda W12 Administrative shadow hard-coded credentials

A security vulnerability has been detected in Tenda W12 up to 3.0.0.63948. Affected is an unknown function of the file /etcro/shadow of the component Administrative Interface. The manipulation leads to hard-coded credentials. An attack has to be approached locally. The complexity of an attack is...

CVSS 1.9 | EPSS 0.0013
Exploits 0 | References 6

NVD
added 2025/08/31 2:15 p.m. | 5 views

CVE-2025-9731

A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity...

CVSS 7 | EPSS 0.00131
Exploits 0 | References 5

Vulnrichment
added 2025/08/31 1:32 p.m. | 3 views

CVE-2025-9731 Tenda AC9 Administrative shadow hard-coded credentials

A vulnerability was determined in Tenda AC9 15.03.05.19. The impacted element is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation causes hard-coded credentials. It is possible to launch the attack on the local host. The attack's complexity...

CVSS 2.5 | AI score 5.8 | EPSS 0.00131
Exploits 0 | References 5