73 matches found
CVE-2025-7789
Summary of CVE-2025-7789 : The issue affects the xxl-job framework (versions up to 3.1.1). The vulnerable component is the makeToken function in IndexController.java (Token Generation). The root cause is password hashing with insufficient computational effort, enabling a remote attack; exploitati...
CVE-2025-6763
The CVE-2025-6763 entry concerns a missing authentication issue in the Web-based Management Interface of multiple Comet System products (T0510, T3510, T3511, T4511, T6640, T7511, T7611, P8510, P8552, H3531) version 1.60. The vulnerability centers on the file /setupA.cfg; manipulation of this file...
CVE-2025-6530
A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of ...
CVE-2025-6527
A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the local network. The complexity of an attack is...
CVE-2025-6524 70mai 1S Video Services improper authentication
A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is...
CVE-2025-26394
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...
CVE-2025-26394
SolarWinds Observability Self-Hosted is susceptible to an open redirection vulnerability. The URL is not properly sanitized, and an attacker could manipulate the string to redirect a user to a malicious site. The attack complexity is high, and authentication is required...
CVE-2025-26394
CVE-2025-26394 affects SolarWinds Observability Self-Hosted and is an open redirection vulnerability caused by insufficient URL sanitization. The core issue is improper URL cleanup that could redirect users to a malicious site. The CVE entry lists CVSS v3.1 base score 4.8 (Medium) with adjacent a...
CVE-2025-5715
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the...
CVE-2025-5715 Signal App Biometric Authentication missing critical step in authentication
A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the...
CVE-2025-5645 Radare2 radiff2 pal.c r_cons_pal_init memory corruption
A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...
CVE-2025-5644 Radare2 radiff2 cons.c r_cons_flush use after free
A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function rconsflush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach thi...
CVE-2025-5323
CVE-2025-5323 affects fossasia open-event-server 1.19.1, specifically the Mail Verification Handler’s function send_email_change_user_email . The issue is described as relying on obfuscation or encryption of security-relevant inputs without integrity checks, with possible remote activation and hi...
CVE-2025-5129 Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path
A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexi...
CVE-2025-0575
A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity...
CVE-2025-0870
A vulnerability was found in Axiomatic Bento4 up to 1.6.0-641. It has been rated as critical. Affected by this issue is the function AP4DataBuffer::GetData in the library Ap4DataBuffer.h. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The complexity of ...
CVE-2024-10073
A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...
CVE-2024-11619
A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The...
CVE-2025-3177
Concerning CVE-2025-3177, multiple connected sources confirm a vulnerability in FastCMS 0.1.5 affecting the JWT Handler component, specifically the use of a hard-coded cryptographic key. Access is remote, attack complexity is high, and no privileges are required. The Public disclosure status is n...
CVE-2025-27704
CVE-2025-27704 affects Absolute Secure Access (Secure Access administrative console) prior to version 13.53. The issue is a cross-site scripting vulnerability that can be exploited by a user with system administrator permissions to interfere with another admin’s session when they are logged into ...