Lucene search

55 matches found

Cvelist
added 2025/06/27 1:31 a.m. · 11 views

CVE-2025-6748 Bharti Airtel Thanks App files cleartext storage in a file or on disk

A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the...

CVSS 2.4 · EPSS 0.00037
Exploits 0 · References 5
NVD
added 2025/06/25 6:15 p.m. · 3 views

CVE-2025-5825

Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the...

CVSS 7.5 · EPSS 0.00219
Exploits 0 · References 1
OSV
added 2025/06/18 11:0 a.m. · 6 views

CVE-2022-49945 hwmon: (gpio-fan) Fix array out of bounds access

In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access. The driver does not check if the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state as stored in fan_data->num_speeds. Since the cooling state is later used as...

CVSS 7.1 · AI score 6.1 · EPSS 0.00086
Exploits 0 · References 11
Zero Day Initiative
added 2025/06/11 12:0 a.m. · 8 views

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial Firmware Downgrade Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this...

CVSS 7.5 · AI score 7.2 · EPSS 0.00219
Exploits 0
RedhatCVE
added 2025/05/23 6:22 a.m. · 4 views

CVE-2024-52015

Netgear R8500 v1.0.2.160, XR300 v1.0.3.78, R7000P v1.3.3.154, and R6400 v2 1.0.4.128 were discovered to contain a stack overflow via the pptp_user_ip parameter at bsw_pptp.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request...

CVSS 5.7 · AI score 7.6 · EPSS 0.00216
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 9:12 p.m. · 6 views

CVE-2021-36923

RtsUpx.sys in Realtek RtsUpx USB Utility Driver for Camera/Hub/Audio through 1.14.0.0 allows local low-privileged users to achieve unauthorized access to USB device privileged IN and OUT instructions leading to Escalation of Privileges, Denial of Service, Code Execution, and Information Disclosur...

CVSS 7.8 · AI score 6.7 · EPSS 0.00028
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 4:34 a.m. · 4 views

CVE-2019-15333

The Lava Flair Z1 Android device with a build fingerprint of LAVA/Z1/Z1:8.1.0/O11019/1536680131:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave (versionCode=400, versionName=v4.0.27) that allows any app co-located on the device to programmaticall...

CVSS 3.3 · AI score 6.7 · EPSS 0.00108
Exploits 0 · References 1
CVE
added 2025/03/28 6:0 p.m. · 53 views

CVE-2025-2921

Netis WF-2404 (version 1.1.124EN) is affected by CVE-2025-2921, involving an unknown function in the /etc/passwd file. Reports indicate that manipulating input labeled as Realtek can cause the device to rely on a default password, enabling an attack on the physical device. The CVE’s access vector...

CVSS 6.4 · AI score 6.7 · EPSS 0.00094
Exploits 1 · References 4 · Affected Software 1
Tenable Nessus
added 2025/03/04 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2019-13631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an...

CVSS 6.8 · AI score 6.8 · EPSS 0.0002
Exploits 0 · References 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2017-8924

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information in the dmesg...

CVSS 4.6 · AI score 6.1 · EPSS 0.0011
Exploits 0 · References 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2019-15219

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the...

CVSS 4.9 · AI score 6.7 · EPSS 0.00106
Exploits 1 · References 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2019-15218

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel before 5.1.8. There is a NULL pointer dereference caused by a malicious USB device in the...

CVSS 4.9 · AI score 6.7 · EPSS 0.00095
Exploits 1 · References 3
Tenable Nessus
added 2025/03/04 12:0 a.m. · 11 views

Linux Distros Unpatched Vulnerability : CVE-2017-16536

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service NU...

CVSS 7.2 · AI score 6.2 · EPSS 0.00085
Exploits 0 · References 3
NVD
added 2025/01/14 10:15 p.m. · 5 views

CVE-2024-57480

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs...

CVSS 9.8 · EPSS 0.00426
Exploits 0 · References 2
Positive Technologies
added 2024/03/14 12:0 a.m. · 1 views

PT-2024-15463 · Skyhigh +1 · Skyhigh Client Proxy +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A malicious insider exploiting this issue can circumvent existing security controls put in place by the organization. If the victim is using a temporary...

CVSS 5.5 · AI score 7.2 · EPSS 0.00007
Exploits 0 · References 4
Positive Technologies
added 2023/04/26 12:0 a.m. · 3 views

PT-2023-9090 · Bluez +8 · Bluez +8

Name of the Vulnerable Software and Affected Versions: BlueZ (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. User interaction is required to exploit this issue, where the target must connect to...

CVSS 9.1 · AI score 7.1 · EPSS 0.35977
Exploits 9 · References 125
Tenable Nessus
added 2023/04/19 12:0 a.m. · 42 views

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6033-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6033-1 advisory. It was discovered that the Traffic-Control Index (TCINDEX) implementation in the Linux kernel did not properly perform filter deactivation in some...

CVSS 7.8 · AI score 7.2 · EPSS 0.00254
Exploits 5 · References 18
CNVD
added 2023/04/18 12:0 a.m. · 17 views

Linux Kernel Competitive Conditions Vulnerability (CNVD-2023-34462)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux Kernel suffers from a contention condition vulnerability that stems from the fact that the use of an unfinished job call btsdio_remove can lead to a contention issue,...

CVSS 7.1 · AI score 8.8 · EPSS 0.0002
Exploits 0 · References 1
Vulnrichment
added 2023/02/23 12:0 a.m. · 4 views

CVE-2023-23295

Korenix Jetwave 4200 Series 1.3.0 and JetWave 3000 Series 1.6.0 are vulnerable to Command Injection via /goform/formSysCmd. An attacker can modify the sysCmd parameter in order to execute commands as root...

AI score 9.1 · EPSS 0.02257
Exploits 1 · References 1
OSV
added 2021/03/16 4:15 p.m. · 0 views

CVE-2021-22887

A vulnerability in the BIOS of Pulse Secure PSA-Series Hardware models PSA5000 and PSA7000 could allow an attacker to compromise BIOS firmware. This vulnerability can be exploited only as part of an attack chain. Before an attacker can compromise the BIOS, they must exploit the device...

CVSS 2.3 · AI score 5.7
Exploits 0 · References 2