Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798

Summary Security Bulletin: IBM Maximo Application Suite - Manage Component uses path-to-regexp-0.1.7.tgz which is vulnerable to CVE-2024-45296, CVE-2024-52798. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-45296 DESCRIPTION:...

CVE-2025-6763 Comet System H3531 Web-based Management setupA.cfg missing authentication

A vulnerability was found in Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 1.60. Affected by this issue is some unknown functionality of the file /setupA.cfg of the component Web-based Management Interface. Performing manipulation results in missing...

CVE-2025-6763

The CVE-2025-6763 entry concerns a missing authentication issue in the Web-based Management Interface of multiple Comet System products (T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552, H3531) version 1.60. The vulnerability centers on the file /setupA.cfg; manipulation of this file...

PT-2025-27143

Name of the Vulnerable Software and Affected Versions: Comet System T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552 and H3531 version 1.60 Description: A critical vulnerability was found in the Web-based Management Interface component of the affected systems, specifically affecting...

CVE-2025-6530

A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of ...

CVE-2025-6669

A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key . The attack can be initiated remotely. Th...

CVE-2025-6524

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is...

Security Bulletin: IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789.

Summary IBM Maximo Application Suite uses runtime-7.20.13.tgz which is vulnerable to CVE-2025-27789. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...

PT-2025-26809 · Growi · Growi

Name of the Vulnerable Software and Affected Versions: GROWI versions prior to 7.1.6 Description: The issue is related to inefficient regular expression complexity, which can be exploited by a logged-in user to cause a denial of service DoS condition. Recommendations: For versions prior to 7.1.6,...

CVE-2025-6492

A vulnerability has been found in MarkText up to 0.17.1 and classified as problematic. Affected by this vulnerability is the function getRecommendTitleFromMarkdownString of the file marktext/src/main/utils/index.js. The manipulation leads to inefficient regular expression complexity. The attack c...

CVE-2025-6534 xxyopen/201206030 novel-plus File FileController.java remove resource injection

A vulnerability, which was classified as problematic, was found in xxyopen/201206030 novel-plus up to 5.1.3. This affects the function remove of the file novel-admin/src/main/java/com/java2nb/common/controller/FileController.java of the component File Handler. The manipulation leads to improper...

CVE-2025-6534

Summary: CVE-2025-6534 affects xxyopen/201206030 novel-plus up to version 5.1.3. The vulnerability resides in the File Handler’s remove function (novel-admin/src/main/java/com/java2nb/common/controller/FileController.java) and stems from improper control of resource identifiers. The issue can be ...

CVE-2025-6533

A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/com/java2nb/system/controller/LoginController.java of the component CATCHA Handler. The manipulatio...

PT-2025-26657 · Unknown · Novel-Plus

Name of the Vulnerable Software and Affected Versions: xxyopen/201206030 novel-plus versions through 5.1.3 Description: A problematic issue exists due to improper control of resource identifiers. This issue affects the remove function within the...

CVE-2025-6530

A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of ...

CVE-2025-6530 70mai M300 Telnet Service demo.sh denial of service

A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of ...

CVE-2025-6530

The CVE-2025-6530 entry concerns 70mai M300’s Telnet Service, specifically an issue in the demo.sh component that can cause a denial of service. The vulnerability mechanism is described as a manipulation of demo.sh, with the attacker needing local-network access and facing high attack complexity;...

CVE-2025-6527

A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is...

CVE-2025-6527 70mai M300 Web Server access control

A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is...

CVE-2025-6527

CVE-2025-6527 affects 70mai M300 Web Server with an unknown function leading to improper access controls. The flaw is exploitable only from the local network, with high attack complexity and no user interaction required. Exploitability is deemed difficult, and disclosures exist, but the provided ...