112 matches found

NVD
added 2025/02/18 2:15 p.m. · 10 views

CVE-2025-1269

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010...

CVSS 4.8 · EPSS 0.00044
Exploits 0 · References 3
OSV
added 2025/02/18 2:15 p.m. · 6 views

CVE-2025-1269

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010...

CVSS 4.8 · AI score 7
Exploits 0 · References 2
CVE
added 2025/02/18 1:48 p.m. · 63 views

CVE-2025-1269

CVE-2025-1269 describes a URL Redirection to Untrusted Site vulnerability (Open Redirect) in HAVELSAN Liman MYS. According to connected sources, the issue affects Liman MYS versions prior to 2.1.1 - 1010 and enables Cross‑Site Flashing through improper URL redirection. The root cause is a URL inp...

CVSS 4.8 · AI score 5.4 · EPSS 0.00044
Exploits 0 · References 3
Vulnrichment
added 2025/02/18 1:48 p.m. · 17 views

CVE-2025-1269 Open Redirect in HAVELSAN's Open Source Project Liman MYS

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in HAVELSAN Liman MYS allows Cross-Site Flashing. This issue affects Liman MYS: before 2.1.1 - 1010...

CVSS 4.8 · AI score 5.4 · EPSS 0.00044
Exploits 0 · References 3
Positive Technologies
added 2025/02/18 12:0 a.m. · 4 views

PT-2025-6870

Name of the Vulnerable Software and Affected Versions: HAVELSAN Liman MYS versions prior to 2.1.1 - 1010
Description: The issue affects HAVELSAN Liman MYS, allowing Cross-Site Flashing due to a URL Redirection to Untrusted Site 'Open Redirect' vulnerability.
Recommendations: For versions prior to...

CVSS 4.8 · AI score 5.4 · EPSS 0.00044
Exploits 0 · References 9
Pen Test Partners Blog
added 2024/06/21 5:11 a.m. · 12 views

Dodgy disks. My 32TB SSD Adventure

TL;DR: "Hard drive" had reflashed firmware to make it look larger. Buyer beware: Cheap storage may not be the value you think it is. Background: Earlier this year I found myself in need of various cheap electronic components. So naturally I turned to AliExpress. I came across a listing for a cheap...

AI score 7.5
Exploits 0
Veracode
added 2024/06/05 8:24 a.m. · 9 views

Cross-site Flashing

typo3/cms is vulnerable to Cross-site Flashing. The vulnerability is due to missing validation of flash and image files, allowing the embedding of flash videos from external domains...

AI score 7
Exploits 0
OSV
added 2024/06/03 2:39 p.m. · 14 views

GHSA-QRXH-46MR-PR7Q TYPO3 is susceptible to Cross-Site Flashing

The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external domains...

AI score 7.1
Exploits 0 · References 4
Github Security Blog
added 2024/06/03 2:39 p.m. · 14 views

TYPO3 is susceptible to Cross-Site Flashing

The flashplayer misses to validate flash and image files. Therefore it is possible to embed flash videos from external domains...

AI score 7.1
Exploits 0 · References 4 · Affected Software 1
NVD
added 2024/05/07 5:15 a.m. · 11 views

CVE-2024-20865

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images...

CVSS 6.8 · AI score 6.4 · EPSS 0.00065
Exploits 1 · References 1
Positive Technologies
added 2024/05/07 12:0 a.m. · 2 views

PT-2024-7445 · Samsung · Samsung Android

Name of the Vulnerable Software and Affected Versions: Samsung Android mobile devices affected versions not specified; Samsung Android mobile devices versions prior to SMR May-2024 Release 1
Description: The issue is related to weaknesses in the authentication procedure of the bootloader component...

CVSS 7.2 · AI score 7.3 · EPSS 0.00065
Exploits 1 · References 18
VulnCheck KEV
added 2024/04/02 12:0 a.m. · 0 views

VulnCheck KEV: CVE-2024-29745

Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices...

CVSS 5.5 · AI score 7.4 · EPSS 0.00205
Exploits 0 · References 1
Positive Technologies
added 2024/03/06 12:0 a.m. · 2 views

PT-2024-21795 · Esphome · Esphome

Name of the Vulnerable Software and Affected Versions: ESPHome versions 2023.12.9 through 2024.2.2
Description: The issue allows a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via Cross-Site scripting. A malicious authenticated user can inject arbitrary...

CVSS 6.5 · AI score 6.3 · EPSS 0.00265
Exploits 0 · References 7
Positive Technologies
added 2024/01/15 12:0 a.m. · 6 views

PT-2024-1567 · Pax · Paydroid

Name of the Vulnerable Software and Affected Versions: PAX A920Pro/A50 devices with PayDroid versions 8.1.0 Sagittarius V11.1.50 20230614 or earlier
Description: The issue exists due to insufficient input validation in the PayDroid operating system, allowing an attacker to execute arbitrary code...

CVSS 7.6 · AI score 7.5 · EPSS 0.0032
Exploits 2 · References 15
CNNVD
added 2022/12/26 12:0 a.m. · 1 views

fastrack Reflex security vulnerability

The fastrack Reflex is a smart wearable device from fastrack. A security vulnerability exists in fastrack Reflex version 2.0 W307SREFLEXv90.89, which stems from a vulnerability that could allow a physically proximate attacker to dump the firmware, flash customized malicious firmware, and brick th...

CVSS 8.1 · AI score 7.7 · EPSS 0.00095
Exploits 0 · References 3
The Hacker News
added 2022/11/28 10:7 a.m. · 46 views

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in serv...

CVSS 10 · AI score 0.7 · EPSS 0.08129
Exploits 0
NVD
added 2022/10/11 11:15 a.m. · 19 views

CVE-2022-36360

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...

CVSS 7.5 · EPSS 0.00179
Exploits 0 · References 1
OSV
added 2022/05/17 3:59 a.m. · 8 views

GHSA-3F58-74QW-PH75 TYPO3 allows remote attackers to embed Flash videos from external domain

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."...

CVSS 6.1 · AI score 6.9 · EPSS 0.00274
Exploits 0 · References 6
Github Security Blog
added 2022/05/17 3:59 a.m. · 11 views

TYPO3 allows remote attackers to embed Flash videos from external domain

The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote attackers to embed Flash videos from external domains via unspecified vectors, aka "Cross-Site Flashing."...

CVSS 6.1 · AI score 7 · EPSS 0.00274
Exploits 0 · References 6 · Affected Software 1
Tenable Nessus
added 2022/02/07 12:0 a.m. · 25 views

Rockwell Automation MicroLogix Improper Authentication (CVE-2017-12090)

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle...

CVSS 7.8 · AI score 7.5 · EPSS 0.00017
Exploits 1 · References 3