19186 matches found
CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of...
EUVD-2025-36196
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of...
CVE-2025-12351 Inadequate access control measure allows unauthorized users to access restricted administrative functions
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of...
CVE-2025-34502
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
Qilin Ransomware Combines Linux Payload With BYOVD Exploit in Hybrid Attack
The ransomware group known as Qilin aka Agenda, Gold Feather, and Water Galura has claimed more than 40 victims every month since the start of 2025, barring January, with the number of postings on its data leak site touching a high of 100 cases in June. The development comes as the...
PT-2025-44007
A vulnerability has been found in dulaiduwang003 TIME-SEA-PLUS up to fb299162f18498dd9cf17da906886d80a077d53b. This affects the function alipayIsSucceed of the file PayController.java of the component Order Status Handler. The manipulation leads to improper authorization. Remote exploitation of t...
pybbs 访问控制错误漏洞
pybbs is a community platform for Java development by iuiu individual developers. An access control error vulnerability exists in pybbs version 6.0.0 and earlier, which stems from the misuse of an unknown function in the file UserApiController.java, which could lead to information disclosure...
Honeywell S35 Series 安全漏洞
Honeywell S35 Series is a series of cameras from Honeywell USA. A security vulnerability exists in the Honeywell S35 Series that stems from an authorization bypass of the user controller key, which could result in elevated privileges...
shiyi-blog 代码问题漏洞
shiyi-blog is a vue+springboot front-end and back-end separated blog system by bule individual developer. A code issue vulnerability exists in shiyi-blog 1.2.1 and earlier versions, which originates from a deserialization issue in the Job Handler component in the file...
PT-2025-43970
Name of the Vulnerable Software and Affected Versions Honeywell S35 Series Cameras versions prior to 2025.08.28 Pinhole/Kit Camera Honeywell S35 Series Cameras versions prior to 2025.08.22 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera Honeywell S35 Series Cameras versions...
PT-2025-44008
Name of the Vulnerable Software and Affected Versions quequnlong shiyi-blog versions up to 1.2.1 Description A flaw exists in the Job Handler component of quequnlong shiyi-blog. The issue involves deserialization within an unknown function of the file...
TIME-SEA-PLUS 授权问题漏洞
TIME-SEA-PLUS is an Ai platform for bdth individual developers. dulaiduwang003 TIME-SEA-PLUS has an authorization issue vulnerability that originates from improper authorization of the function alipayIsSucceed in the file PayController.java, which could lead to a remote attack...
Linux Distros Unpatched Vulnerability : CVE-2025-10230
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or...
Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing initial password...
Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are vulnerable to a cross-site scripting vulnerability that is caused by improper...
EUVD-2025-35894
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...
Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from the creation of an undocument...
Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞
The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by the use of vulnerable...
SUSE CVE-2025-40020
In the Linux kernel, the following vulnerability has been resolved: can: peakusb: fix shift-out-of-bounds issue Explicitly uses a 64-bit constant when the number of bits used for its shifting is 32 which is the case for PC CAN FD interfaces supported by this driver. mkl: update subject, apply...
CVE-2025-34502 Shuffle Master Deck Mate 2 Missing Secure Boot
Deck Mate 2 lacks a verified secure-boot chain and runtime integrity validation for its controller and display modules. Without cryptographic boot verification, an attacker with physical access can modify or replace the bootloader, kernel, or filesystem and gain persistent code execution on reboo...