
70 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-16270

Malicious code in bioql PyPI...

CVSS 7.3 · AI score 6.9 · EPSS 0.00244
Exploits 1 · References 4

OSV
added 2025/09/18 2:15 p.m. · 4 views

DEBIAN-CVE-2025-4444

A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVSS 6.3 · AI score 4.1 · EPSS 0.00437
Exploits 0 · References 1

Cvelist
added 2025/08/24 7:32 a.m. · 12 views

CVE-2025-9381 FNKvision Y215 CCTV Camera wpa_supplicant.conf information disclosure

A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as...

CVSS 1.6 · EPSS 0.00124
Exploits 0 · References 5

Cvelist
added 2025/08/19 4:2 p.m. · 12 views

CVE-2025-9146 Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption

A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...

CVSS 7.5 · EPSS 0.00485
Exploits 1 · References 5

CVE
added 2025/07/12 6:32 a.m. · 19 views

CVE-2025-7464

CVE-2025-7464 affects osrg GoBGP up to version 3.37.0. The vulnerability is in SplitRTR (pkg/packet/rtr/rtr.go) where input handling allows an out-of-bounds read, with remote feasibility and high attack complexity. The patch is identified as e748f43496d74946d14fed85c776452e47b99d64; upgrading to ...

CVSS 6.3 · AI score 4.3 · EPSS 0.00406
Exploits 0 · References 4

CVE
added 2025/06/23 11:0 p.m. · 20 views

CVE-2025-6530

The CVE-2025-6530 entry concerns 70mai M300’s Telnet Service, specifically an issue in the demo.sh component that can cause a denial of service. The vulnerability mechanism is described as a manipulation of demo.sh, with the attacker needing local-network access and facing high attack complexity;...

CVSS 5.9 · AI score 5 · EPSS 0.0055
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2025/06/23 10:0 p.m. · 5 views

CVE-2025-6526 70mai M300 HTTP Server insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...

CVSS 3.1 · AI score 6.7 · EPSS 0.00501
Exploits 1 · References 4

NVD
added 2025/05/29 6:15 p.m. · 8 views

CVE-2025-5323

A vulnerability, which was classified as problematic, has been found in fossasia open-event-server 1.19.1. This issue affects the function sendemailchangeuseremail of the file /fossasia/open-event-server/blob/development/app/api/helpers/mail.py of the component Mail Verification Handler. The...

CVSS 6.3 · EPSS 0.00118
Exploits 0 · References 5

RedhatCVE
added 2025/05/23 11:38 a.m. · 3 views

CVE-2025-0567

A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack ...

CVSS 4.5 · AI score 7 · EPSS 0.00193
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 9:40 a.m. · 5 views

CVE-2024-1432

UNSUPPORTED WHEN ASSIGNED A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function applyxseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of ...

CVSS 5.1 · AI score 6.9 · EPSS 0.00646
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 7:24 a.m. · 7 views

CVE-2024-0350

A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The...

CVSS 6.5 · AI score 6.8 · EPSS 0.00478
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 6:25 a.m. · 8 views

CVE-2024-11049

A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /authfiles/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an atta...

CVSS 6.3 · AI score 4.2 · EPSS 0.00423
Exploits 0 · References 1

Github Security Blog
added 2025/04/28 9:30 p.m. · 7 views

AWorld OS Command Injection vulnerability

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...

CVSS 8.1 · AI score 7.1 · EPSS 0.03164
Exploits 1 · References 8 · Affected Software 1

NVD
added 2025/04/28 7:15 p.m. · 9 views

CVE-2025-4032

A vulnerability was found in inclusionAI AWorld up to 8c257626e648d98d793dd9a1a950c2af4dd84c4e. It has been rated as critical. This issue affects the function subprocess.run/subprocess.Popen of the file AWorld/aworld/virtualenvironments/terminals/shelltool.py. The manipulation leads to os command...

CVSS 8.1 · EPSS 0.03164
Exploits 1 · References 6

Positive Technologies
added 2025/04/26 12:0 a.m. · 4 views

PT-2025-17966 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 5.16.0 Description: A vulnerability has been found in ChurchCRM, affecting some unknown functionality of the component Referer Handler. This issue leads to server-side request forgery and can be launched remotely. The...

CVSS 6.3 · AI score 3.8 · EPSS 0.00464
Exploits 1 · References 14

NVD
added 2025/03/20 6:15 p.m. · 15 views

CVE-2025-2555

A vulnerability classified as problematic has been found in Audi Universal Traffic Recorder App 2.0. Affected is an unknown function of the component FTP Credentials. The manipulation leads to use of hard-coded password. Attacking locally is a requirement. The complexity of an attack is rather...

CVSS 2.9 · EPSS 0.00161
Exploits 0 · References 4

RedhatCVE
added 2025/03/18 10:22 p.m. · 21 views

CVE-2025-2349

A vulnerability was found in IROAD Dash Cam FX2 up to 20250308. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /etc/passwd of the component Password Hash Handler. The manipulation leads to password hash with insufficient computational...

CVSS 3.1 · AI score 6.8 · EPSS 0.00165
Exploits 0 · References 1

RedhatCVE
added 2025/03/18 3:22 p.m. · 11 views

CVE-2025-2341

A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an...

CVSS 3.1 · AI score 6.7 · EPSS 0.00273
Exploits 0 · References 1

Tenable Nessus
added 2025/03/06 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2025-1179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in GNU Binutils 2.43. It has been rated as critical. Affected by this issue is the function bfdputl64 of the file bfd/libbfd.c of the...

CVSS 7.5 · AI score 4.7 · EPSS 0.00523
Exploits 1 · References 3

Tenable Nessus
added 2025/03/05 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-3629

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in Linux Kernel. It has been declared as problematic. This vulnerability affects the function vsockconnect of the file...

CVSS 3.3 · AI score 4.5 · EPSS 0.00324
Exploits 0 · References 3