Lucene search
+L

189 matches found

NVD
NVD
added 2025/08/08 4:15 p.m.7 views

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

7.5CVSS0.0008EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/08 4:0 p.m.12 views

CVE-2025-52586 EG4 Electronics EG4 Inverters Cleartext Transmission of Sensitive Information

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

7.5CVSS0.0008EPSS
Exploits0References3
NVD
NVD
added 2025/07/24 9:15 p.m.5 views

CVE-2025-6260

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset us...

9.8CVSS0.00463EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/07/20 10:14 a.m.6 views

CVE-2025-7882 Mercusys MW301R Login excessive authentication

A vulnerability was found in Mercusys MW301R 1.0.2 Build 190726 Rel.59423n. It has been rated as problematic. This issue affects some unknown processing of the component Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack can only be initiated...

3.1CVSS3.8AI score0.00291EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/05 11:32 p.m.2 views

CVE-2025-7075 BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload

A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within...

6.3CVSS6.8AI score0.00754EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/07/04 9:32 p.m.13 views

CVE-2025-7070 IROAD Dashcam Q9 MFA Pairing Request allocation of resources

A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local...

5.3CVSS0.00796EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/07/02 5:24 p.m.18 views

CVE-2025-6916

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

8.8CVSS7AI score0.00747EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/26 12:37 a.m.7 views

CVE-2025-6532

A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the...

5.3CVSS7.1AI score0.00417EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/06/25 10:55 p.m.15 views

CVE-2025-6526

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...

3.1CVSS3.7AI score0.00501EPSS
Exploits1References1
NVD
NVD
added 2025/06/24 12:15 a.m.7 views

CVE-2025-6532

A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the...

5.3CVSS0.00417EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/06/23 10:31 p.m.20 views

CVE-2025-6528 70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication

A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...

5.3CVSS0.00563EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/06/23 10:0 p.m.18 views

CVE-2025-6526 70mai M300 HTTP Server insufficiently protected credentials

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...

3.1CVSS0.00501EPSS
Exploits1References4
CVE
CVE
added 2025/06/23 10:0 p.m.34 views

CVE-2025-6526

CVE-2025-6526 affects 70mai M300 up to 20250611, specifically the HTTP Server component. The vulnerability arises from insufficient protection of credentials, enabling an attack that can be performed from within the local network. The documented attack complexity is high and exploitation is descr...

5.3CVSS6.7AI score0.00501EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/23 9:31 p.m.4 views

CVE-2025-6525 70mai 1S Configuration Config.cgi improper authorization

A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...

5.3CVSS7AI score0.00236EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/06/23 12:0 a.m.11 views

PT-2025-26649

Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue has been found in the HTTP Server component, leading to insufficiently protected credentials. The attack can only be done within the local network and has a high complexity,...

5.3CVSS3.1AI score0.00501EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2025/06/23 12:0 a.m.11 views

PT-2025-26650

Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue was found in the Web Server component, affecting an unknown function. This leads to improper access controls. The attack can only be initiated within the local network and ha...

3.1CVSS2.9AI score0.00489EPSS
Exploits1References8
Vulnrichment
Vulnrichment
added 2025/06/16 9:0 p.m.5 views

CVE-2025-6139 TOTOLINK T10 shadow.sample hard-coded password

A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...

3.9CVSS4.1AI score0.00331EPSS
Exploits1References5
CVE
CVE
added 2025/06/16 9:0 p.m.34 views

CVE-2025-6139

CVE-2025-6139 affects TOTOLINK T10, version 4.1.8cu.5207. A vulnerability in the file /etc/shadow.sample allows use of a hard-coded password due to trust-management weaknesses. Attack requires proximity (local network) with high complexity, and the vulnerability potentially impacts confidentialit...

3.9CVSS4.2AI score0.00331EPSS
Exploits1References5Affected Software1
GithubExploit
GithubExploit
added 2025/06/11 10:27 a.m.369 views

Exploit for Use After Free in Apple Ipados

CVE-2025-24252 iOS "Airborne" Vulnerabilities - Log Artifact E...

9.8CVSS6.1AI score0.0127EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:11 a.m.13 views

CVE-2023-39535

AMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper input validation via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability...

7.8CVSS6.7AI score0.00206EPSS
Exploits0
Rows per page
Query Builder