17 matches found
EUVD-2023-54440
Malicious code in bioql PyPI...
EUVD-2022-39463
Malicious code in bioql PyPI...
EUVD-2025-22004
Malicious code in bioql PyPI...
EUVD-2022-34158
Malicious code in bioql PyPI...
EUVD-2025-6673
Malicious code in bioql PyPI...
PT-2025-27462 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.748 B20211015 Description: A critical vulnerability was found in the TOTOLINK T6, affecting the Form Login function of the file /formLoginAuth.htm. The manipulation of the authCode/goURL argument leads to missing...
CVE-2025-6529
A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has...
CVE-2025-6532 NOYAFA/Xiami LF9 Pro RTSP Live Video Stream Endpoint access control
A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the...
CVE-2025-6529
A vulnerability was found in 70mai M300 up to 20250611 and classified as critical. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The exploit has...
CVE-2024-6746
A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \EasySpider\resources\app\server.js of the component HTTP GET Request Handler. The manipulation with the input...
CVE-2025-2547
A vulnerability, which was classified as problematic, has been found in D-Link DIR-618 and DIR-605L 2.02/3.02. This issue affects some unknown processing of the file /goform/formAdvNetwork. The manipulation leads to improper access controls. The attack can only be done within the local network. T...
CVE-2025-2548
CVE-2025-2548 affects D-Link DIR-618 and DIR-605L (firmware versions 2.02/3.02) with an access-control error in the file /goform/formSetDomainFilter. The root cause is improper access controls on that endpoint, enabling local-network attackers to manipulate settings. Multiple sources (NVD, CNVD, ...
PT-2025-12343 · D Link · D-Link Dir-605L +1
Name of the Vulnerable Software and Affected Versions: D-Link DIR-618 versions 2.02/3.02 D-Link DIR-605L versions 2.02/3.02 Description: A vulnerability has been found that affects an unknown part of the file /goform/formSetPortTr, leading to improper access controls. This issue requires access t...
CVE-2025-2397
CVE-2025-2397 affects multiple China Mobile gateway devices: P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P, and GT3200-8G8P (affected up to 20250305). The issue is in the Telnet Service and is described as an improper authorization vulnerability. Exploitation is possible from the local n...
CVE-2025-2341
CVE-2025-2341 affects IROAD Dash Cam X5 (up to 20250203). The issue involves processing of a component SSID that can be manipulated to use default credentials. Exploitation requires local-network access with high attack complexity; the exploit has been disclosed publicly. Multiple sources (NVD, R...
CVE-2022-29840 Server Side Request Forgery Vulnerability in Western Digital My Cloud Devices
Server-Side Request Forgery (SSRF) vulnerability that could allow a rogue server on the local network to modify its URL to point back to the loopback adapter was addressed in Western Digital My Cloud OS 5 devices. This could allow the URL to exploit other vulnerabilities on the local server. This...
Using Java from Javascript
Opera and Netscape browsers allow you to include Java method calls in your JavaScript. As JavaScript has support for objects, you can use objects returned by these calls in your scripts. I have been looking for information about the possible security implications and vulnerabilities published...