43 matches found
CVE-2025-63212
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...
CVE-2025-63212
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...
CVE-2025-63212
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...
GatesAir Flexiva-LX Series 安全漏洞
The GatesAir Flexiva-LX Series is a series of solid-state FM transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Flexiva-LX Series versions 1.0.13 and 2.0 that originates from a publicly accessible log file exposing sensitive session identifiers, which could lead to...
CVE-2025-63212
The vulnerability CVE-2025-63212 affects GatesAir Flexiva-LX devices running firmware 1.0.13 and 2.0 (LX100/LX300/LX600/LX1000). The issue is that sensitive session identifiers (sid) are written to a publicly accessible log at /log/Flexiva%20LX.log, enabling an unauthenticated attacker to hijack ...
CVE-2025-63212
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...
PT-2025-47524
Name of the Vulnerable Software and Affected Versions GatesAir Flexiva-LX versions 1.0.13 and 2.0 GatesAir Flexiva-LX models LX100, LX300, LX600, and LX1000 Description The GatesAir Flexiva-LX devices are affected by an issue where sensitive session identifiers sid are exposed in a publicly...
CVE-2025-63212
GatesAir Flexiva-LX devices on firmware 1.0.13 and 2.0, including models LX100, LX300, LX600, and LX1000, expose sensitive session identifiers sid in the publicly accessible log file located at /log/Flexiva%20LX.log. An unauthenticated attacker can retrieve valid session IDs and hijack sessions...
EUVD-2025-3054
Malicious code in bioql PyPI...
EUVD-2023-40064
Malicious code in bioql PyPI...
EUVD-2023-40063
Malicious code in bioql PyPI...
EUVD-2025-3056
Malicious code in bioql PyPI...
EUVD-2025-3055
Malicious code in bioql PyPI...
CVE-2023-36082
An isssue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials...
CVE-2025-22961
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control CWE-284. Unauthenticated attackers can directly access sensitive database backup files snapshotusers.db via publicly exposed URLs...
CVE-2025-22962
A critical remote code execution RCE vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID sessid can send specially crafted POST requests to the /json endpoint, enabling arbitrary...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...
CVE-2025-22961
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control CWE-284. Unauthenticated attackers can directly access sensitive database backup files snapshotusers.db via publicly exposed URLs...
CVE-2025-22962
A critical remote code execution RCE vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID sessid can send specially crafted POST requests to the /json endpoint, enabling arbitrary...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...