2214 matches found

NVD
added 2025/03/30 8:15 p.m. · 8 views

CVE-2025-2958

A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done...

7.1 CVSS · 0.00365 EPSS
Exploits 1 · References 5

NVD
added 2025/03/30 6:15 p.m. · 9 views

CVE-2025-2956

A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0 /1.0.8.S0 and classified as problematic. This issue affects the function pluginscallhandleuriraw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be...

7.1 CVSS · 0.00132 EPSS
Exploits 0 · References 5

Vulnrichment
added 2025/03/26 2:58 p.m. · 8 views

CVE-2025-2820 Denial of Service

An authenticated attacker can compromise the availability of the device via the network...

6.5 CVSS · 7 AI score · 0.0019 EPSS
Exploits 0 · References 1

Amazon
added 2025/03/26 12:0 a.m. · 3 views

Medium: java-23-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23; Oracle GraalVM for JDK: 17.0.12...

4.8 CVSS · 7.3 AI score · 0.00171 EPSS
Exploits 0

NVD
added 2025/03/25 5:15 a.m. · 9 views

CVE-2024-45480

An improper control of generation of code 'Code Injection' vulnerability in the AprolCreateReport component of B&R APROL 4.4-00P5 may allow an unauthenticated network-based attacker to read files from the local system...

9.2 CVSS · 0.00206 EPSS
Exploits 0 · References 1

CVE
added 2025/03/24 6:31 a.m. · 52 views

CVE-2025-2688

TOTOLINK A3000RU (firmware up to 5.9c.5185) is affected by an Access Control/improper permission issue in the Syslog Configuration File Handler, specifically the file /cgi-bin/ExportSyslog.sh. The vulnerability arises from improper access controls on an unknown functionality, enabling escalation...

5.3 CVSS · 6.8 AI score · 0.00068 EPSS
Exploits 1 · References 5 · Affected Software 1

RedhatCVE
added 2025/03/22 6:8 p.m. · 20 views

CVE-2025-2556

A vulnerability classified as problematic was found in Audi UTR Dashcam 2.0. Affected by this vulnerability is an unknown functionality of the component Video Stream Handler. The manipulation leads to hard-coded credentials. The attack can only be initiated within the local network. The exploit h...

5.3 CVSS · 6.8 AI score · 0.00141 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/03/22 5:20 p.m. · 23 views

CVE-2025-2549

A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local...

8.8 CVSS · 6.8 AI score · 0.00436 EPSS
Exploits 1 · References 1

NVD
added 2025/03/21 1:15 a.m. · 13 views

CVE-2025-29814

Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network...

9.3 CVSS · 0.1354 EPSS
Exploits 0 · References 1

CNNVD
added 2025/03/21 12:0 a.m. · 2 views

Microsoft Edge Security Vulnerability

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A security vulnerability exists in Microsoft Edge that stems from allowing unauthorized attackers to execute code over the network...

6.5 CVSS · 6.7 AI score · 0.02054 EPSS
Exploits 0 · References 2

NVD
added 2025/03/20 5:15 p.m. · 9 views

CVE-2025-2550

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this issue is some unknown functionality of the file /goform/formSetDDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack needs to be initiate...

5.3 CVSS · 0.00426 EPSS
Exploits 1 · References 6

Cvelist
added 2025/03/20 5:0 p.m. · 8 views

CVE-2025-2552 D-Link DIR-618/DIR-605L formTcpipSetup access control

A vulnerability was found in D-Link DIR-618 and DIR-605L 2.02/3.02. It has been declared as problematic. This vulnerability affects unknown code of the file /goform/formTcpipSetup. The manipulation leads to improper access controls. Access to the local network is required for this attack to...

5.3 CVSS · 0.00426 EPSS
Exploits 1 · References 6

CVE
added 2025/03/20 4:31 p.m. · 59 views

CVE-2025-2550

CVE-2025-2550 affects D-Link DIR-618 and DIR-605L (versions 2.02/3.02). The vulnerability is an access-control flaw in the DDNS service endpoint /goform/formSetDDNS, enabling improper access within the local network. Multiple sources (NVD, CNVD/CNNVD, Red Hat) describe the issue as an access-cont...

5.3 CVSS · 4.6 AI score · 0.00426 EPSS
Exploits 1 · References 6 · Affected Software 1

Cvelist
added 2025/03/20 4:31 p.m. · 11 views

CVE-2025-2549 D-Link DIR-618/DIR-605L formSetPassword access control

A vulnerability has been found in D-Link DIR-618 and DIR-605L 2.02/3.02 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /goform/formSetPassword. The manipulation leads to improper access controls. The attack needs to be done within the local...

5.3 CVSS · 0.00436 EPSS
Exploits 1 · References 6

OSV
added 2025/03/20 12:32 p.m. · 5 views

GHSA-P2WH-W96X-W232 Ollama Denial of Service (DoS) via Null Pointer Dereference

A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network...

7.5 CVSS · 7 AI score · 0.00142 EPSS
Exploits 1 · References 3

Vulnrichment
added 2025/03/20 10:10 a.m. · 8 views

CVE-2025-0312 NULL Pointer Dereference in ollama/ollama

A vulnerability in ollama/ollama versions =0.3.14 allows a malicious user to create a customized GGUF model file that, when uploaded and created on the Ollama server, can cause a crash due to an unchecked null pointer dereference. This can lead to a Denial of Service (DoS) attack via remote network...

7.5 CVSS · 7.5 AI score · 0.00142 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/03/18 3:22 p.m. · 10 views

CVE-2025-2341

A vulnerability was found in IROAD Dash Cam X5 up to 20250203. It has been rated as problematic. This issue affects some unknown processing of the component SSID. The manipulation leads to use of default credentials. The attack needs to be initiated within the local network. The complexity of an...

3.1 CVSS · 6.7 AI score · 0.00082 EPSS
Exploits 0 · References 1

CVE
added 2025/03/18 12:0 a.m. · 56 views

CVE-2025-30109

CVE-2025-30109 affects the IROAD APK (version 5.2.5). The issue arises from hardcoded credentials in the APK for ports 9091 and 9092, enabling an attacker on the local Wi‑Fi network to access API endpoints and retrieve sensitive device information, including live and recorded footage. The provide...

6.5 CVSS · 6.3 AI score · 0.00071 EPSS
Exploits 0 · References 2

Cvelist
added 2025/03/18 12:0 a.m. · 10 views

CVE-2025-30109

In the IROAD APK 5.2.5, there are Hardcoded Credentials in the APK for ports 9091 and 9092. The mobile application for the dashcam contains hardcoded credentials that allow an attacker on the local Wi-Fi network to access API endpoints and retrieve sensitive device information, including live and...

0.00071 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/03/17 12:0 a.m. · 3 views

PT-2025-12563 · Totolink · Totolink A3000Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3000RU versions up to 5.9c.5185 Description: A problematic issue was found in the Syslog Configuration File Handler component, specifically in the file /cgi-bin/ExportSyslog.sh. This issue leads to improper access controls. The atta...

5.3 CVSS · 4.3 AI score · 0.00068 EPSS
Exploits 1 · References 12