CVE-2025-9513
A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high...
CVE-2025-9513 editso fuso mod.rs PenetrateRsaAndAesHandshake inadequate encryption
A flaw has been found in editso fuso up to 1.0.4-beta.7. This affects the function PenetrateRsaAndAesHandshake of the file src/net/penetrate/handshake/mod.rs. This manipulation of the argument priv_key causes inadequate encryption strength. Remote exploitation of the attack is possible. A high...
CVE-2025-9513
The CVE-2025-9513 issue affects editso fuso up to version 1.0.4-beta.7. The vulnerable component is PenetrateRsaAndAesHandshake in src/net/penetrate/handshake/mod.rs, where manipulating the priv_key argument leads to inadequate encryption strength. This enables remote exploitation, though exploit...
CVE-2025-50975
IPFire 2.29 web-based firewall interface firewall.cgi fails to sanitize several rule parameters such as PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, and tgt_addr, allowing an authenticated administrator to inject persistent JavaScript. This stored XSS payload is executed...
CVE-2025-9382
A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Service. Executing manipulation can lead to backdoor. The physical device can be targeted for the attack. This attack is...
CVE-2025-50975
The CVE-2025-50975 entry concerns IPFire 2.29, where the web-based firewall interface (firewall.cgi) does not sanitize multiple rule parameters (PROT, SRC_PORT, TGT_PORT, dnatport, key, ruleremark, src_addr, std_net_tgt, tgt_addr). This allows an authenticated administrator to inject persistent J...
CVE-2025-9401
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a hig...
CVE-2025-9401 HuangDou UTCMS Login login.php comparison
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a hig...
CVE-2025-9401
HuangDou UTCMS 9 is affected in the Login component (file app/modules/ut-frame/admin/login.php). The issue arises from manipulation of the code parameter, causing an incorrect comparison. It is exploitable remotely with high complexity, and exploitation is publicly disclosed. No patch/version fix...
CVE-2025-9382
The CVE-2025-9382 vulnerability affects FNKvision Y215 CCTV Camera 10.194.120.40, specifically the s1_rf_test_config file within the Telnet Service. According to provided data, exploitation can enable a backdoor on the physical device. The attack has high complexity, requires physical access (atta...
CVE-2025-9382 FNKvision Y215 CCTV Camera Telnet Service s1_rf_test_config backdoor
A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Service. Executing manipulation can lead to backdoor. The physical device can be targeted for the attack. This attack is...
CVE-2025-9381 FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as...
CVE-2025-9262
A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity...
CVE-2025-9239
A vulnerability was identified in elunez eladmin up to 2.7. Affected by this vulnerability is the function EncryptUtils of the file eladmin-common/src/main/java/me/zhengjie/utils/EncryptUtils.java of the component DES Key Handler. The manipulation of the argument STRPARAM with the input Passw0rd...
SUSE CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-9309
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...
CVE-2025-9146
A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verifygemtekheader of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...
CVE-2025-9309 Tenda AC10 MD5 Hash shadow hard-coded credentials
A vulnerability was found in Tenda AC10 16.03.10.13. Affected is an unknown function of the file /etcro/shadow of the component MD5 Hash Handler. Performing manipulation results in hard-coded credentials. The attack needs to be approached locally. A high degree of complexity is needed for the...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...