Azure Linux 3.0 Security Update: mysql (CVE-2025-30715)
The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-30715 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Components Services. Supported...
CVE-2025-6532
A vulnerability classified as problematic was found in NOYAFA/Xiami LF9 Pro up to 20250611. Affected by this vulnerability is an unknown functionality of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper access controls. The attack can only be initiated within the...
CVE-2025-6528 70mai M300 RTSP Live Video Stream Endpoint 12 improper authentication
A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to...
CVE-2025-6526
CVE-2025-6526 affects 70mai M300 up to 20250611, specifically the HTTP Server component. The vulnerability arises from insufficient protection of credentials, enabling an attack that can be performed from within the local network. The documented attack complexity is high and exploitation is descr...
CVE-2025-6526 70mai M300 HTTP Server insufficiently protected credentials
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...
CVE-2025-6525 70mai 1S Configuration Config.cgi improper authorization
A vulnerability classified as problematic was found in 70mai 1S up to 20250611. This vulnerability affects unknown code of the file /cgi-bin/Config.cgi?action=set of the component Configuration Handler. The manipulation leads to improper authorization. The attack needs to be approached within the...
CVE-2025-5476
Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
PT-2025-26650
Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue was found in the Web Server component, affecting an unknown function. This leads to improper access controls. The attack can only be initiated within the local network and ha...
PT-2025-26649
Name of the Vulnerable Software and Affected Versions: 70mai M300 versions up to 20250611 Description: A problematic issue has been found in the HTTP Server component, leading to insufficiently protected credentials. The attack can only be done within the local network and has a high complexity,...
CVE-2025-5477
Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow is disclosed as CVE-2025-5477. The flaw is in the Bluetooth L2CAP data length validation, leading to heap-based buffer overflow in the elysian-bt-service process. Attack requires proximity to pair a malicious Bluetooth device, en...
CVE-2025-6139
CVE-2025-6139 affects TOTOLINK T10, version 4.1.8cu.5207. A vulnerability in the file /etc/shadow.sample allows use of a hard-coded password due to trust-management weaknesses. Attack requires proximity (local network) with high complexity, and the vulnerability potentially impacts confidentialit...
CVE-2025-6139 TOTOLINK T10 shadow.sample hard-coded password
A vulnerability, which was classified as problematic, has been found in TOTOLINK T10 4.1.8cu.5207. Affected by this issue is some unknown functionality of the file /etc/shadow.sample. The manipulation leads to use of hard-coded password. The attack can only be initiated within the local network...
TencentOS Server 3: edk2 (TSSA-2024:0190)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0190 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
B&R Automation Runtime Allocation of Resources Without Limits or Throttling (CVE-2023-3242)
Improper initialization implementation in Portmapper used in B&R Industrial Automation Automation Runtime G4.93 allows unauthenticated network-based attackers to cause permanent denial-of-service conditions. This plugin only works with Tenable.ot. Please visit...
CVE-2025-49081 Input validation vulnerability in the Secure Access prior to version 13.55
There is an insufficient input validation vulnerability in the warehouse component of Absolute Secure Access prior to server version 13.55. Attackers with system administrator permissions can impair the availability of the Secure Access administrative UI by writing invalid data to the warehouse...
CVE-2025-49080
There is a memory management vulnerability in Absolute Secure Access server versions 9.0 to 13.54. Attackers with network access to the server can cause a Denial of Service by sending a specially crafted sequence of packets to the server. The attack complexity is low, there are no attack...
CVE-2025-47166
Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
CVE-2025-47172
Improper neutralization of special elements used in an SQL command ('SQL injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...
Security Updates for Microsoft Visual Studio 2022 Products (June 2025)
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including: - Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. CVE-2025-30399 - Improper neutralization of...
Exploit for Use After Free in Apple Ipados
CVE-2025-24252 iOS "Airborne" Vulnerabilities - Log Artifact E...