2214 matches found

Microsoft CVE
added 2025/07/08 2:00 p.m., 4 views

Microsoft SQL Server Remote Code Execution Vulnerability

Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network...

8.5 CVSS, 7.9 AI score, 0.00503 EPSS
Exploits: 0

Microsoft CVE
added 2025/07/08 2:00 p.m., 2 views

Windows Hyper-V Denial of Service Vulnerability

Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network...

6.8 CVSS, 6.6 AI score, 0.00974 EPSS
Exploits: 0

Microsoft CVE
added 2025/07/08 2:00 p.m., 7 views

Microsoft SharePoint Remote Code Execution Vulnerability

Improper control of generation of code 'code injection' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

8.8 CVSS, 7 AI score, 0.61614 EPSS
Exploits: 7

Vulnrichment
added 2025/07/08 10:35 a.m., 2 views

CVE-2025-41224

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.10.0, RUGGEDCOM RMC8388NC V5.X All versions V5.10.0, RUGGEDCOM RS416NCv2 V5.X All versions V5.10.0, RUGGEDCOM RS416PNCv2 V5.X All versions V5.10.0, RUGGEDCOM RS416Pv2 V5.X All versions V5.10.0, RUGGEDCOM RS416v2 V5.X Al...

8.8 CVSS, 7.1 AI score, 0.00148 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/07/08 10:34 a.m., 3 views

CVE-2024-31854

A vulnerability has been identified in SICAM TOOLBOX II All versions V07.11. During establishment of a https connection to the TLS server of a managed device, the affected application doesn't check device's certificate common name against an expected value. This could allow an attacker to execute...

8.1 CVSS, 0.00129 EPSS
Exploits: 0, References: 1

CNNVD
added 2025/07/08 12:00 a.m., 3 views

Microsoft SharePoint Code Injection Vulnerability

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A remote code execution vulnerability...

8.8 CVSS, 7.8 AI score, 0.61614 EPSS
Exploits: 7, References: 2

Positive Technologies
added 2025/07/08 12:00 a.m., 2 views

PT-2025-28589

Name of the Vulnerable Software and Affected Versions: Windows Media affected versions not specified Description: A heap-based buffer overflow issue in Windows Media enables an unauthorized attacker to execute code over a network. This can be achieved when the attacker is on an adjacent network...

8.3 CVSS, 7 AI score, 0.00699 EPSS
Exploits: 0, References: 7

CNNVD
added 2025/07/08 12:00 a.m., 4 views

Microsoft Office Sharepoint Server Authorization Issue Vulnerability

SharePoint Server is a locally deployed enterprise collaboration platform from Microsoft that supports content sharing, knowledge management, and application integration, and works seamlessly with Microsoft 365 subscriptions to access the latest features. A spoofing vulnerability exists in...

6.5 CVSS, 7.8 AI score, 0.73794 EPSS
Exploits: 9, References: 4

Vulnrichment
added 2025/07/05 11:32 p.m., 2 views

CVE-2025-7075 BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload

A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within...

6.3 CVSS, 6.8 AI score, 0.0021 EPSS
Exploits: 1, References: 4

Cvelist
added 2025/07/04 9:32 p.m., 7 views

CVE-2025-7070 IROAD Dashcam Q9 MFA Pairing Request allocation of resources

A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local...

5.3 CVSS, 0.00867 EPSS
Exploits: 1, References: 4

RedhatCVE
added 2025/07/02 5:24 p.m., 14 views

CVE-2025-6916

A vulnerability, which was classified as critical, was found in TOTOLINK T6 4.1.5cu.748B20211015. This affects the function FormLogin of the file /formLoginAuth.htm. The manipulation of the argument authCode/goURL leads to missing authentication. The attack needs to be initiated within the local...

8.8 CVSS, 7 AI score, 0.00215 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2025/06/28 12:00 a.m., 5 views

IBM MQ 9.1 < 9.1.0.29 LTS / 9.2 < 9.2.0.36 LTS / 9.3 < 9.3.0.30 LTS / 9.3 < 9.4.3 CD / 9.4 < 9.4.0.12 LTS / 9.4.3 (7238312)

The version of IBM MQ Server running on the remote host is affected by multiple vulnerabilities as referenced in the 7238312 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions tha...

7.8 CVSS, 6.8 AI score, 0.00234 EPSS
Exploits: 0, References: 4

RedhatCVE
added 2025/06/26 12:37 a.m., 3 views

CVE-2025-6532

A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the...

5.3 CVSS, 7.1 AI score, 0.00165 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/06/25 10:55 p.m., 10 views

CVE-2025-6526

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...

3.1 CVSS, 3.7 AI score, 0.00137 EPSS
Exploits: 1, References: 1

NVD
added 2025/06/25 6:15 p.m., 4 views

CVE-2025-5826

Autel MaxiCharger AC Wallbox Commercial bleprocessesp32msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not...

6.3 CVSS, 0.00073 EPSS
Exploits: 0, References: 1

CVE
added 2025/06/25 6:00 p.m., 20 views

CVE-2025-5827

CVE-2025-5827 affects Autel MaxiCharger AC Wallbox Commercial. The root cause is a stack-based buffer overflow in ble_process_esp32_msg due to inadequate validation of user-supplied data length, enabling remote code execution. The vulnerability allows network-adjacent attackers to run arbitrary c...

8.8 CVSS, 7.8 AI score, 0.0016 EPSS
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2025/06/25 6:00 p.m., 27 views

CVE-2025-5826

CVE-2025-5826 concerns Autel MaxiCharger AC Wallbox Commercial. The flaw is in the ble_process_esp32_msg function, arising from misinterpretation of input data. It allows network-adjacent attackers to inject arbitrary AT commands in the device context without authentication. Documented impact is ...

6.3 CVSS, 7 AI score, 0.00073 EPSS
Exploits: 0, References: 1, Affected Software: 1

Vulnrichment
added 2025/06/25 5:59 p.m., 3 views

CVE-2025-5824 Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An attacker must first obtain the ability to pai...

5 CVSS, 6.9 AI score, 0.00024 EPSS
Exploits: 0, References: 1

Cvelist
added 2025/06/25 5:59 p.m., 5 views

CVE-2025-5824 Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability

Autel MaxiCharger AC Wallbox Commercial Origin Validation Error Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Autel MaxiCharger AC Wallbox Commercial. An attacker must first obtain the ability to pai...

5 CVSS, 0.00024 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2025/06/25 12:00 a.m., 6 views

CBL Mariner 2.0 Security Update: mysql (CVE-2025-30703)

The version of mysql installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30703 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are...

2.7 CVSS, 5.2 AI score, 0.00066 EPSS
Exploits: 0, References: 2