16813 matches found

EUVD
added 2025/12/08 9:30 p.m. | 4 views

EUVD-2025-201811

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

CVSS 3.5 | AI score 5.7 | EPSS 0.0018
Exploits: 1 | References: 3

OSV
added 2025/12/08 8:15 p.m. | 3 views

CVE-2025-65230

Barix Instreamer v04.06 and v04.05 contain a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input...

CVSS 5.4 | AI score 5.6 | EPSS 0.00168
Exploits: 1 | References: 2

RedhatCVE
added 2025/12/08 12:15 p.m. | 13 views

CVE-2025-14126

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | AI score 6 | EPSS 0.00359
Exploits: 0 | References: 1

CNNVD
added 2025/12/08 12:00 a.m. | 3 views

Lyrion Music Server security vulnerability

Lyrion Music Server is an audio server software from the Lyrion organization. A security vulnerability exists in Lyrion Music Server 9.0.3 and earlier versions, which stems from a lack of output encoding in the web interface and could lead to stored cross-site scripting...

CVSS 4.6 | AI score 6.1 | EPSS 0.00141
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/08 12:00 a.m. | 2 views

CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

AI score 5.8 | EPSS 0.0018
Exploits: 1 | References: 2

Cvelist
added 2025/12/08 12:00 a.m. | 21 views

CVE-2025-65230

Barix Instreamer v04.06 and v04.05 contain a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input...

EPSS 0.00168
Exploits: 1 | References: 2

Cvelist
added 2025/12/08 12:00 a.m. | 17 views

CVE-2025-65228

A stored cross-site scripting vulnerability exists in the web management interface of the R.V.R. Elettronica TLK302T telemetry controller firmware 1.5.1799...

EPSS 0.0018
Exploits: 1 | References: 2

Positive Technologies
added 2025/12/08 12:00 a.m. | 6 views

PT-2025-49594

Barix Instreamer v04.06 and v04.05 contain a stored cross-site scripting (XSS) vulnerability in the Web UI Configuration Streaming Destination input...

AI score 5.7 | EPSS 0.00168
Exploits: 1 | References: 3

CVE
added 2025/12/08 12:00 a.m. | 11 views

CVE-2025-65228

TLK302T telemetry controller (firmware 1.5.1799) contains a stored cross-site scripting vulnerability in its web management interface. The issue affects the web UI component, enabling script injection that could impact other users’ browsers when the interface is accessed. Root cause details are n...

CVSS 3.5 | AI score 5.8 | EPSS 0.0018
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/12/08 12:00 a.m. | 11 views

CVE-2025-65229

Summary (CVE-2025-65229): A stored XSS exists in Lyrion Music Server (≤ 9.0.3) via the web interface. An authenticated user with access to Settings → Player can save arbitrary HTML/JavaScript in the Player name field. The value is stored by the server and later rendered without proper output enc...

CVSS 4.6 | AI score 5.3 | EPSS 0.00141
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/12/06 12:31 p.m. | 6 views

EUVD-2025-201542

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | AI score 5.6 | EPSS 0.00359
Exploits: 0 | References: 5

NVD
added 2025/12/06 10:16 a.m. | 3 views

CVE-2025-14126

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | EPSS 0.00359
Exploits: 0 | References: 4

Cvelist
added 2025/12/06 10:02 a.m. | 21 views

CVE-2025-14126 TOZED ZLT M30S/ZLT M30S PRO Web hard-coded credentials

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | EPSS 0.00359
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/06 10:02 a.m. | 4 views

CVE-2025-14126 TOZED ZLT M30S/ZLT M30S PRO Web hard-coded credentials

A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...

CVSS 8.8 | AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 4

CVE
added 2025/12/06 10:02 a.m. | 14 views

CVE-2025-14126

CVE-2025-14126 affects TOZED ZLT M30S and ZLT M30S PRO devices (versions 1.47 and 3.09.06) where a vulnerability exists in the Web Interface component that leads to hard-coded credentials being exposed. This requires local-network access and is supported by multiple sources in the Connected d...

CVSS 8.8 | AI score 5.8 | EPSS 0.00359
Exploits: 0 | References: 4

Wolfi
added 2025/12/06 1:48 a.m. | 6 views

CVE-2025-66416 vulnerabilities

Vulnerabilities for packages: semgrep, open-webui...

CVSS 8.1 | AI score 7.2 | EPSS 0.00445
Exploits: 0

Positive Technologies
added 2025/12/06 12:00 a.m. | 5 views

PT-2025-49359

Name of the Vulnerable Software and Affected Versions: TOZED ZLT M30S versions 1.47 and 3.09.06; TOZED ZLT M30S PRO versions 1.47 and 3.09.06. Description: A security issue exists in TOZED ZLT M30S and ZLT M30S PRO devices. The issue involves hard-coded credentials within an unknown function of the W...

CVSS 8.8 | AI score 8.1 | EPSS 0.00359
Exploits: 0 | References: 12

RedhatCVE
added 2025/12/05 10:33 p.m. | 6 views

CVE-2025-10285

The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password...

CVSS 7.4 | AI score 6.9 | EPSS 0.00153
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/05 10:33 p.m. | 4 views

CVE-2025-13940

An Expected Behavior Violation CWE-440 vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS boot time system integrity check and prevent the Firebox from shutting down in the event of a system integrity check failure. The on-demand system integrity check in the...

CVSS 6.7 | AI score 6.9 | EPSS 0.00105
Exploits: 0 | References: 1

NVD
added 2025/12/05 9:15 p.m. | 5 views

CVE-2025-14105

A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/procpost of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOTDEVICE can lead to denial of service. The attack can...

CVSS 5.3 | EPSS 0.00267
Exploits: 0 | References: 4