CVE-2025-7464
CVE-2025-7464 affects osrg GoBGP up to version 3.37.0. The vulnerability is in SplitRTR (pkg/packet/rtr/rtr.go) where input handling allows an out-of-bounds read, with remote feasibility and high attack complexity. The patch is identified as e748f43496d74946d14fed85c776452e47b99d64; upgrading to ...
CVE-2025-7453 saltbo zpan JSON Web Token token.go NewToken hard-coded password
A vulnerability was found in saltbo zpan up to 1.6.5/1.7.0-beta2. It has been rated as problematic. This issue affects the function NewToken of the file zpan/internal/app/service/token.go of the component JSON Web Token Handler. The manipulation with the input 123 leads to use of hard-coded...
CVE-2025-7214
A vulnerability classified as problematic was found in FNKvision FNK-GU2 up to 40.1.7. Affected by this vulnerability is an unknown functionality of the file /etc/shadow of the component MD5. The manipulation leads to risky cryptographic algorithm. It is possible to launch the attack on the...
CVE-2025-7214
CVE-2025-7214 affects FNKvision FNK-GU2 (≤ 40.1.7). The vulnerability involves an unspecified function in the MD5 component reading/writing the /etc/shadow file, leading to a risky cryptographic algorithm. Impact is described as feasible to launch on the physical device, with high attack complexi...
PT-2025-28837 · Fnkvision · Fnk-Gu2
Name of the Vulnerable Software and Affected Versions: FNKvision FNK-GU2 versions up to 40.1.7 Description: A critical vulnerability has been found in the UART Interface component of FNKvision FNK-GU2, allowing for improper access control to the on-chip debug and test interface. The attack can be...
CVE-2025-53539 ReDoS in fastapi-guard's penetration attempts detector
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely...
CVE-2025-3262
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the huggingface/transformers repository, specifically in version 4.49.0. The vulnerability is due to inefficient regular expression complexity in the SETTINGRE variable within the transformers/commands/chat.py file. The...
CVE-2025-7097
A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file cisupdatex64.xml of the component Manifest File Handler. The manipulation of the argument binary/params leads to os command...
CVE-2025-7098
CVE-2025-7098 describes a path traversal vulnerability in Comodo Internet Security Premium 12.3.4.8162, impacting the File Name Handler component. The issue arises from manipulation of the name/folder argument, enabling path traversal and remote exploitation. The CVSS vectors in the provided sour...
CVE-2025-7098 Comodo Internet Security Premium File Name path traversal
A vulnerability, which was classified as critical, was found in Comodo Internet Security Premium 12.3.4.8162. Affected is an unknown function of the component File Name Handler. The manipulation of the argument name/folder leads to path traversal. It is possible to launch the attack remotely. The...
CVE-2025-7096
A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cisupdatex64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. The attack can be...
CVE-2025-7095
A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an atta...
CVE-2025-7079
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebellbackend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plu...
CVE-2025-7080 Done-0 Jank JWT Token jwt_utils.go hard-coded password
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
sas-top-10
This is an educational guide for organizations adopting serverless architectures. The document, curated by top industry practitioners and security researchers, provides information on the top 10 security risks for serverless applications. The guide aims to assist organizations in building robust,...
CVE-2025-7074
A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack...
hyper security vulnerability
hyper is a fast, correct HTTP implementation in Rust from the hyperium open-source project. A security vulnerability exists in hyper 3.4.1 and earlier versions, which stems from a regular expression complexity deficiency in the function expand/braceExpand/ignoreMap in the file hyper/bin/rimraf-standalone.j...
CVE-2025-7060
CVE-2025-7060 concerns Monitorr up to 1.7.6m. The vulnerability affects the Installer component and specifically the file assets/config/_installation/mkdbajax.php. The issue is due to improper input validation when manipulating the datadir argument, enabling a remote attack. Documents indicate th...