
15897 matches found

RedhatCVE
added 2025/12/10 6:13 p.m., 10 views

CVE-2025-60024

Multiple Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabilities [CWE-22] in Fortinet FortiVoice 7.2.0 through 7.2.2 and FortiVoice 7.0.0 through 7.0.7 may allow a privileged authenticated attacker to write arbitrary files via specifically HTTP or...

CVSS 8.8, AI score 7, EPSS 0.00391
Exploits 0, References 1

CVE
added 2025/12/10 1:23 p.m., 73 views

CVE-2025-8110

CVE-2025-8110 affects Gogs self-hosted Git service versions 0.13.3 and earlier, due to improper symbolic link handling in PutContents that allows a symlink to target outside the repository, enabling remote code execution. Root cause: API writes to file paths without validating symlinks. Impact: l...

CVSS 8.8, AI score 6.6, EPSS 0.7654
In wild, Exploits 15, References 9, Affected Software 1

EUVD
added 2025/12/10 6:30 a.m., 5 views

EUVD-2025-202391

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

CVSS 5.3, AI score 6.1, EPSS 0.00181
Exploits 0, References 2

NVD
added 2025/12/10 4:15 a.m., 4 views

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

CVSS 5.3, EPSS 0.00181
Exploits 0, References 1

OSV
added 2025/12/10 4:15 a.m., 8 views

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

CVSS 5.3, AI score 5.8, EPSS 0.00181
Exploits 0, References 1

CVE
added 2025/12/10 3:30 a.m., 18 views

CVE-2025-9056

CVE-2025-9056 describes an unprotected service in the AudioLink component that allows a local attacker to overwrite system files via unauthorized service invocation. The issue is documented across multiple feeds (NVD, Red Hat, EUVD, CIRCL, CNNVD, etc.) with consistent description. Affected compon...

CVSS 5.3, AI score 6.2, EPSS 0.00181
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/12/10 3:30 a.m., 22 views

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

EPSS 0.00181
Exploits 0, References 1

Vulnrichment
added 2025/12/10 3:30 a.m., 2 views

CVE-2025-9056

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

AI score 6.2, EPSS 0.00181
Exploits 0, References 1

EUVD
added 2025/12/10 12:36 a.m., 3 views

EUVD-2025-202360

PipesHub is a fully extensible workplace AI platform for enterprise search and workflow automation. Versions prior to 0.1.0-beta expose POST /api/v1/record/buffer/convert through missing authentication. The endpoint accepts a file upload and converts it to PDF via LibreOffice by uploading payload...

CVSS 9.8, AI score 6.6, EPSS 0.0161
Exploits 1, References 2

CNNVD
added 2025/12/10 12:0 a.m., 4 views

pipeshub-ai Code Issue Vulnerability

pipeshub-ai is an enterprise automation platform open-sourced by PipesHub AI - The Open Source Alternative to Glean. A code issue vulnerability exists in versions prior to pipeshub-ai 0.1.0-beta, which stems from a lack of authentication and could allow an attacker to remotely overwrite files or...

CVSS 9.8, AI score 7, EPSS 0.0161
Exploits 1, References 3

CNNVD
added 2025/12/10 12:0 a.m., 3 views

Tecno AudioLink Security Vulnerability

Tecno AudioLink is an audio linking software in cell phones from the Chinese company Tecno. A security vulnerability exists in Tecno AudioLink, which stems from insufficient protection of the AudioLink component service and could allow a local attacker to overwrite system files...

CVSS 5.3, AI score 6.4, EPSS 0.00181
Exploits 0, References 1

CVE
added 2025/12/10 12:0 a.m., 20 views

CVE-2025-65824

The CVE describes an unauthenticated proximity attack against the Meatmeet device where an adversary can perform an unauthorized OTA firmware upgrade over BLE. The upgrade mechanism does not verify authenticity, allowing the attacker to overwrite the device firmware with their code and trigger Re...

CVSS 8.8, AI score 7.1, EPSS 0.00493
Exploits 1, References 2, Affected Software 1

Cvelist
added 2025/12/10 12:0 a.m., 18 views

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades,...

EPSS 0.00493
Exploits 1, References 2

Vulnrichment
added 2025/12/10 12:0 a.m., 4 views

CVE-2025-65824

An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades,...

AI score 7.1, EPSS 0.00493
Exploits 1, References 2

Positive Technologies
added 2025/12/10 12:0 a.m., 4 views

PT-2025-50303

Unprotected service in the AudioLink component allows a local attacker to overwrite system files via unauthorized service invocation...

CVSS 10, AI score 6.6, EPSS 0.00181
Exploits 0, References 2

CNVD
added 2025/12/10 12:0 a.m., 76 views

Apache HTTP Server Security Bypass Vulnerability (CNVD-2025-3083394)

Apache HTTP Server is an open source web server from the Apache Foundation (United States). The server is fast, reliable and can be extended through a simple API. A security bypass vulnerability exists in Apache HTTP Server versions 2.4.0 through 2.4.65 due to incorrect neutralization of...

CVSS 6.5, AI score 6.8, EPSS 0.00758
Exploits 0, References 1

NVD
added 2025/12/09 9:16 p.m., 3 views

CVE-2025-67488

SiYuan is self-hosted, open source personal knowledge management software. Versions 0.0.0-20251202123337-6ef83b42c7ce and below contain function importZipMd which is vulnerable to ZipSlips, allowing an authenticated user to overwrite files on the system. An authenticated user with access to the...

CVSS 8.8, EPSS 0.00368
Exploits 1, References 2

OSV
added 2025/12/09 9:15 p.m., 3 views

CVE-2021-47731

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

CVSS 9.8, AI score 5.8, EPSS 0.00437
Exploits 1, References 5

NVD
added 2025/12/09 9:15 p.m., 8 views

CVE-2021-47731

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

CVSS 9.8, EPSS 0.00437
Exploits 1, References 5

Cvelist
added 2025/12/09 8:47 p.m., 21 views

CVE-2021-47731 Selea Targa IP Camera Developer Backdoor Configuration Overwrite

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

CVSS 9.3, EPSS 0.00437
Exploits 1, References 5