CVE-2025-64385

CVE-2025-64385 affects Circutor TCPRS1plus. The issue arises when configuring the device via UDP through the manufacturer’s software, where any aspect of the initial configuration can be changed by the device’s MAC address without authentication. The vulnerability is observed in the UDP configura...

PT-2025-44633

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The equipment can be initially configured using the manufacturer's application, Wi-Fi, a web server, or the manufacturer’s software. Configuration via UDP using...

Circutor TCPRS1plus 安全漏洞

Circutor TCPRS1plus is a communication converter from Circutor Spain. A security vulnerability exists in Circutor TCPRS1plus that originates from modifying the initial configuration without authentication when communicating over UDP, which could lead to unauthorized configuration changes...

GO-2025-4047 Mattermost Server: initial_load API exposes unnecessary information in github.com/mattermost/mattermost-server

Mattermost Server: initialload API exposes unnecessary information in github.com/mattermost/mattermost-server. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports fr...

HP Card Readers (B Models) – Potential Information Disclosure

The following HP Card Readers B Models X3D03B & Y7C05B are potentially vulnerable to information disclosure, allowing prior user identity to be inherited under certain conditions —e.g., when an NFC device such as a smartphone/smartwatches is in proximity during a card swipe event. HP has determin...

Exploit for Authentication Bypass by Primary Weakness in Crushftp

The-Challenge-Soulmate- The "Soulmate" machine from HackTheBox...

SUSE CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

CVE-2025-40071

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

AZL-68942 CVE-2025-40071 affecting package kernel for versions less than 6.6.112.1-2

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

CVE-2025-40071

CVE-2025-40071 pertains to the Linux kernel tty n_gsm handling. The issue arises when opening a DLC channel: gsm_queue() processes frames and invokes gsm_dlci_open() → gsm_modem_update(). In basic encoding, gsm_modem_upd_via_msc() could block the input queue waiting for a Modem Status Command (MS...

CVE-2025-40071 tty: n_gsm: Don't block input queue by waiting MSC

In the Linux kernel, the following vulnerability has been resolved: tty: ngsm: Don't block input queue by waiting MSC Currently gsmqueue processes incoming frames and when opening a DLC channel it calls gsmdlciopen which calls gsmmodemupdate. If basic mode is used it calls gsmmodemupdviamsc and i...

Stored Cross-Site Scripting (XSS)

n8n is vulnerable to Stored Cross-Site Scripting XSS. The vulnerability is due to improper sanitization of user input in the initialMessages field of the @n8n/n8n-nodes-langchain.chatTrigger component, which allows an attacker to inject malicious JavaScript that executes in the browser of users...

EUVD-2025-35944

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12285

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12285

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVE-2025-12285

The CVE-2025-12285 entry concerns Azure Access Technology BLU-IC2 and BLU-IC4 (through 1.19.5) with a missing initial password change. Connected sources confirm affected devices are networked access controllers from BLU-IC2/BLU-IC4 lines, and that the issue stems from not changing the initial def...

CVE-2025-12285 Missing Initial Password Change

Missing Initial Password Change.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. A security vulnerability exists in the Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 that stems from a missing initial password...

Physical Address Bit Leakage on AMD SEV-SNP Systems

Revisions Revision Date| Description ---|--- 2025-10-20| Initial publication...

Prefetcher Side Channel Attack

Revisions Revision Date| Description ---|--- 2025-10-17| Initial publication...