2214 matches found

Tenable Nessus
added 2025/08/07 12:0 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2021-35635

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.26 and prior. Easily...

4.9 CVSS · 5.4 AI score · 0.00311 EPSS
Exploits 0 · References 2

NVD
added 2025/08/06 5:15 p.m. · 9 views

CVE-2025-20215

A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this...

5.4 CVSS · 0.00046 EPSS
Exploits 0 · References 1

CVE
added 2025/08/06 4:17 p.m. · 18 views

CVE-2025-20215

Cisco Webex Meetings is affected by a certificate validation issue in the meeting-join flow. The vulnerability could let an unauthenticated, network-proximate attacker impersonate another user during the join process by monitoring local or adjacent networks and interrupting the join sequence unti...

5.4 CVSS · 6.2 AI score · 0.00046 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/08/06 12:0 a.m. · 5 views

PT-2025-32189 · Cisco · Cisco Webex Meetings

Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: A vulnerability in the meeting-join functionality of Cisco Webex Meetings could allow an unauthenticated, network-proximate attacker to complete a meeting-join process in place...

5.4 CVSS · 6 AI score · 0.00046 EPSS
Exploits 0 · References 7

Zero Day Initiative
added 2025/08/05 12:0 a.m. · 4 views

(0Day) (Pwn2Own) Kenwood DMX958XR ReadMVGImage Command Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ReadMVGImage function. The issue results from the lack of proper...

8.8 CVSS · 8.8 AI score · 0.00298 EPSS
Exploits 0

Zero Day Initiative
added 2025/08/05 12:0 a.m. · 4 views

(0Day) (Pwn2Own) Kenwood DMX958XR JKRadioService Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Kenwood DMX958XR. Authentication is not required to exploit this vulnerability. The specific flaw exists within the JKRadioService. The issue results from the lack of proper validation of t...

8.8 CVSS · 8.9 AI score · 0.00231 EPSS
Exploits 0

RedhatCVE
added 2025/08/04 2:11 p.m. · 4 views

CVE-2025-54349

A flaw was found in iperf3. An off-by-one error in the iperf_auth.c file leads to a heap-based buffer overflow, potentially allowing a network attacker to trigger an application-level denial of service. This overflow occurs during the processing of authentication data. The vulnerability can only b...

10 CVSS · 7.6 AI score · 0.00291 EPSS
Exploits 0 · References 5

RedhatCVE
added 2025/08/04 10:20 a.m. · 5 views

CVE-2025-54351

A flaw was found in iperf3. The recv function in net.c exhibits a buffer overflow when the --skip-rx-copy option is used with MSG_TRUNC, allowing a network attacker to trigger the overflow. This vulnerability allows an attacker to send a specially crafted message. The resulting buffer overflow may...

10 CVSS · 6.5 AI score · 0.00261 EPSS
Exploits 0 · References 5

Amazon
added 2025/08/04 12:0 a.m. · 4 views

Important: java-1.8.0-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15,...

8.1 CVSS · 6.5 AI score · 0.02123 EPSS
Exploits 1

RedhatCVE
added 2025/08/02 10:29 p.m. · 6 views

CVE-2025-45768

A flaw was found in pyjwt. The library uses weak encryption, allowing an attacker to potentially decrypt sensitive data. A network-based attacker can exploit this vulnerability without authentication, possibly resulting in a denial of service or data exposure. This weakness stems from the use of...

7 CVSS · 6.2 AI score · 0.00163 EPSS
Exploits 0 · References 6

CVE
added 2025/08/01 5:38 p.m. · 14 views

CVE-2025-8480

CVE-2025-8480 concerns Alpine iLX-507 devices with a command-injection path in the Tidal music streaming app. The root cause is insufficient validation of a user-supplied string used to construct a system call, allowing remote code execution with the device’s privileges by network-adjacent attack...

8 CVSS · 8.1 AI score · 0.00217 EPSS
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/08/01 5:38 p.m. · 5 views

CVE-2025-8476 Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability

Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

7.1 CVSS · 7 AI score · 0.00036 EPSS
Exploits 0 · References 1

CVE
added 2025/08/01 5:38 p.m. · 19 views

CVE-2025-8472

CVE-2025-8472 affects Alpine iLX-507 devices. The vulnerability is a stack-based buffer overflow in vCard data parsing, caused by insufficient validation of the length of user-supplied data before copying to a stack buffer. Exploitation can lead to remote code execution with root privileges and r...

7.4 CVSS · 7.8 AI score · 0.00313 EPSS
Exploits 0 · References 1 · Affected Software 1

Zero Day Initiative
added 2025/07/31 12:0 a.m. · 4 views

(Pwn2Own) QNAP TS-464 Samba Command Argument Injection Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP TS-464 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the provided username during authentication. The issue...

6.3 CVSS · 7.2 AI score
Exploits 0 · References 1

Zero Day Initiative
added 2025/07/30 12:0 a.m. · 3 views

(Pwn2Own) Lorex 2K Indoor Wi-Fi Security Camera Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the sonia module. The issue results from the lack of...

8.8 CVSS · 9.5 AI score · 0.00684 EPSS
Exploits 1

Positive Technologies
added 2025/07/29 12:0 a.m. · 6 views

PT-2025-31372 · Tesla · Tesla Wall Connector

Name of the Vulnerable Software and Affected Versions: Tesla Wall Connector versions 24.44.1 Tesla Wall Connector version 24.44.3 Description: This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Wall Connector devices without authentication. The issue...

8.8 CVSS · 9.2 AI score · 0.00239 EPSS
Exploits 0 · References 9

NVD
added 2025/07/24 9:15 p.m. · 1 views

CVE-2025-6260

The embedded web server on the thermostat listed version ranges contain a vulnerability that allows unauthenticated attackers, either on the local area network or from the Internet via a router with port forwarding set up, to gain direct access to the thermostat's embedded web server and reset us...

9.8 CVSS · 0.00716 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/07/23 12:57 a.m. · 6 views

CVE-2025-44655

In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chroot_local_user option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...

9.8 CVSS · 7.2 AI score · 0.00555 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/07/23 12:0 a.m. · 3 views

Oracle Primavera P6 Enterprise Project Portfolio Management (July 2025 CPU)

The versions of Primavera P6 Enterprise Project Portfolio Management installed on the remote host are affected by a vulnerability as referenced in the July 2025 CPU advisory. - Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering...

5.4 CVSS · 7.4 AI score · 0.0015 EPSS
Exploits 0 · References 3

RedHat Linux
added 2025/07/21 5:45 a.m. · 4 views

openjdk: Better Glyph drawing (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1 CVSS · 7.2 AI score · 0.02123 EPSS
Exploits 1 · References 5