18 matches found
EUVD-2025-3056
Malicious code in bioql PyPI...
EUVD-2025-3055
Malicious code in bioql PyPI...
CVE-2025-22961
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control CWE-284. Unauthenticated attackers can directly access sensitive database backup files snapshotusers.db via publicly exposed URLs...
CVE-2025-22962
A critical remote code execution RCE vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID sessid can send specially crafted POST requests to the /json endpoint, enabling arbitrary...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...
CVE-2025-22961
A critical information disclosure vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters due to Incorrect Access Control CWE-284. Unauthenticated attackers can directly access sensitive database backup files snapshotusers.db via publicly exposed URLs...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...
CVE-2025-22960
The CVE-2025-22960 issue affects GatesAir Maxiva UAXT/VAXT transmitters, where the web-based management interface exposes log files at /logs/debug/xteLog* that can reveal session-related data (sess_id, user_check_password OK). Unauthenticated attackers could hijack active sessions and gain unauth...
CVE-2025-22962
The CVE-2025-22962 issue affects GatesAir Maxiva UAXT and VAXT transmitters’ web-based management interface. The root cause is improper request handling when debugging mode is enabled, allowing an attacker with a valid sess_id to send crafted POST requests to /json and achieve arbitrary command e...
CVE-2025-22961
CVE-2025-22961 affects GatesAir Maxiva UAXT/VAXT transmitters (web-based management interface). The issue is caused by Incorrect Access Control (CWE-284), allowing unauthenticated users to directly access sensitive database backup files (snapshot_users.db) via publicly exposed URLs (/logs/devcfg...
PT-2025-6970 · Gatesair · Gatesair Maxiva Vaxt
Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified)
Description: A critical information disclosure issue exists in the web-based management interface due to Incorrect Access Control. Unauthenticated attackers can access...
GatesAir Maxiva Security Vulnerability
GatesAir Maxiva is a series of transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Maxiva UAXT, VAXT that stems from incorrect access control, resulting in a serious information disclosure vulnerability in the web-based management interface. An unauthenticated attacker...
CVE-2025-22960
A session hijacking vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters. Unauthenticated attackers can access exposed log files /logs/debug/xteLog, potentially revealing sensitive session-related information such as session IDs sessid and...
PT-2025-6969 · Gatesair · Gatesair Maxiva Vaxt
Name of the Vulnerable Software and Affected Versions: GatesAir Maxiva UAXT, VAXT transmitters (affected versions not specified)
Description: A session hijacking issue exists in the web-based management interface, allowing unauthenticated attackers to access exposed log files at "/logs/debug/xteLog...
GatesAir Maxiva Security Vulnerability
GatesAir Maxiva is a series of transmitters from GatesAir USA. A security vulnerability exists in the GatesAir Maxiva UAXT Transmitter and VAXT Transmitter that stems from improperly validated POST request processing when debug mode is enabled, resulting in remote code execution...
GatesAir Maxiva Security Vulnerability
GatesAir Maxiva is a series of transmitters from GatesAir USA. A security vulnerability exists in GatesAir Maxiva that stems from a session hijacking vulnerability in the web management interface. An unauthenticated attacker could access exposed log files...
CVE-2025-22962
A critical remote code execution RCE vulnerability exists in the web-based management interface of GatesAir Maxiva UAXT, VAXT transmitters when debugging mode is enabled. An attacker with a valid session ID sessid can send specially crafted POST requests to the /json endpoint, enabling arbitrary...