35 matches found
EUVD-2026-25305
KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balanceserve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authentication and deserializes incoming messages using pickle.loads without validation. Attackers can...
CVE-2026-41039
This vulnerability exists in Quantum Networks router due to improper access control and insecure default configuration in the web-based management interface. An unauthenticated attacker could exploit this vulnerability by accessing exposed API endpoints on the targeted device. Successful...
CVE-2026-4483
An exposed IOCTL with an insufficient access control vulnerability has been identified in the utility, MxGeneralIo, for Moxa’s industrial x86 computers. The affected utility, MxGeneralIo, exposes IOCTL methods that permit direct read and write access to MSR and system memory. A local attacker wit...
PT-2026-31106
Name of the Vulnerable Software and Affected Versions: Moxa MxGeneralIo (affected versions not specified). Description: A utility, MxGeneralIo, for Moxa’s industrial x86 computers has an exposed IOCTL with insufficient access control. The utility exposes IOCTL methods that allow direct read and write...
PT-2026-5396
Name of the Vulnerable Software and Affected Versions: WatchGuard Fireware OS versions 12.0 through 12.11.6; WatchGuard Fireware OS versions 12.5 through 12.5.15; WatchGuard Fireware OS versions 2025.1 through 2026.0. Description: A flaw exists in WatchGuard Fireware OS that could allow a remote,...
Dormakaba registration unit 9002 security vulnerabilities
The Dormakaba Registration Units 9002 is a password input panel developed by the American company Dormakaba. There is a security vulnerability associated with the Dormakaba Registration Units 9002; this vulnerability stems from the exposed UART interface, which can leak button press data,...
Rockwell Automation FactoryTalk DataMosaix Private Cloud security vulnerability
Rockwell Automation FactoryTalk DataMosaix Private Cloud is an industrial data platform product from Rockwell Automation USA. A SQL injection vulnerability exists in Rockwell Automation FactoryTalk DataMosaix Private Cloud, which can be exploited by an attacker to perform sensitive database...
PT-2025-49867
CVE-2025-12807 A security issue was discovered in DataMosaix Private Cloud, allowing users with low privilege to perform sensitive database operations through exposed API endpoints. https://t.co/lEhiHUNcHf...
CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...
CVE-2025-54304
An issue was discovered on Thermo Fisher Ion Torrent OneTouch 2 INS1005527 devices. When they are powered on, an X11 display server is started. The display server listens on all network interfaces and is accessible over port 6000. The X11 access control list, by default, allows connections from...
CVE-2025-60856
Reolink Video Doorbell WiFi DB566128M5MPW allows root shell access through an unsecured UART/serial console. An attacker with physical access can connect to the exposed interface and execute arbitrary commands with root privileges. NOTE: this is disputed by the Supplier because of "certain...
Clash Verge Rev security vulnerability
Clash Verge Rev is an open source proxy tool from Clash Verge Rev. A security vulnerability exists in Clash Verge Rev 2.2.3 and earlier versions, which stems from installing system services by default and exposing critical functionality via an unauthorized HTTP API, which could lead to local...
EUVD-2023-38071
Malicious code in bioql PyPI...
TECNO com.transsion.carlcare security vulnerability
TECNO com.transsion.carlcare is a mobile application from Transsion TECNO, a Chinese company. A security vulnerability exists in TECNO com.transsion.carlcare that originates from an interface exposure that could lead to information disclosure...
CVE-2024-35279
A stack-based buffer overflow (CWE-121) vulnerability in Fortinet FortiOS version 7.2.4 through 7.2.8 and version 7.4.0 through 7.4.4 allows a remote unauthenticated attacker to execute arbitrary code or commands via crafted UDP packets through the CAPWAP control, provided the attacker were able to...
CVE-2024-47138
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed...
SUSE CVE-2024-7595
GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered simil...
SUSE CVE-2024-7596
Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can ...
IPv6-in-IPv4 tunneling security vulnerability
IPv6-in-IPv4 tunneling is an IETF-organized basic conversion mechanism for IPv6 hosts and routers. A security vulnerability exists in IPv6-in-IPv4 tunneling that originates from an unauthenticated network packet source, which could allow an attacker to forge and route arbitrary traffic through an...
CVE-2025-23018
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136...