
16813 matches found

RedhatCVE
added 2025/11/19 12:11 a.m., 11 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2 CVSS | 7.7 AI score | 0.00404 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2025/11/19 12:0 a.m., 7 views

PT-2025-47493

Name of the Vulnerable Software and Affected Versions: Dasan Switch DS2924 versions 1.01.18 and 1.02.00. Description: An authentication bypass exists in the web based interface of Dasan Switch DS2924. Successful exploitation allows attackers to gain escalated privileges by storing specially crafted...

6.9 AI score | 0.00482 EPSS
Exploits: 1 | References: 4
Cvelist
added 2025/11/19 12:0 a.m., 9 views

CVE-2025-63207

The R.V.R Elettronica TEX product firmware TEXL-000400, Web GUI TLAN-000400 is vulnerable to broken access control due to improper authentication checks on the /Passwd.html endpoint. An attacker can send an unauthenticated POST request to change the Admin, Operator, and User passwords, resulting ...

0.06249 EPSS
Exploits: 1 | References: 2
Positive Technologies
added 2025/11/19 12:0 a.m., 7 views

PT-2025-47463

Name of the Vulnerable Software and Affected Versions: Sound4 FIRST, affected versions not specified. Description: The Sound4 FIRST web-based management interface is susceptible to Remote Code Execution (RCE) through a maliciously crafted firmware update package. The system’s update process does not...

7.2 CVSS | 7.5 AI score | 0.00404 EPSS
Exploits: 1 | References: 9
CVE
added 2025/11/19 12:0 a.m., 10 views

CVE-2025-63206

The CVE-2025-63206 entry describes an authentication bypass in the Dasan Switch DS2924 web interface affecting firmware versions 1.01.18 and 1.02.00. The root cause is storing crafted cookies in the browser to gain escalated privileges. The CVSSv3.1 base score is 9.8 (CRITICAL), with network atta...

9.8 CVSS | 7 AI score | 0.00482 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2025/11/19 12:0 a.m., 4 views

PT-2025-47497

Name of the Vulnerable Software and Affected Versions: R.V.R Elettronica TEX firmware TEXL-000400; R.V.R Elettronica TEX Web GUI TLAN-000400. Description: The R.V.R Elettronica TEX product is susceptible to a broken access control issue. This is due to insufficient authentication checks on the /...

9.8 CVSS | 7 AI score | 0.06249 EPSS
Exploits: 1 | References: 11
Positive Technologies
added 2025/11/19 12:0 a.m., 4 views

PT-2025-47478

Name of the Vulnerable Software and Affected Versions: AudioCodes Fax Server and Auto-Attendant IVR appliances versions up to and including 2.6.23. Description: The software contains an unauthenticated backup upload endpoint located at /AudioCodes files/ajaxBackupUploadFile.php within the F2MAdmin w...

9.3 CVSS | 7.2 AI score | 0.01017 EPSS
Exploits: 2 | References: 7
OSV
added 2025/11/18 10:15 p.m., 8 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2 CVSS | 6 AI score | 0.00404 EPSS
Exploits: 1 | References: 3
NVD
added 2025/11/18 8:15 p.m., 4 views

CVE-2025-63228

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains an unauthenticated file upload vulnerability in the /uploadfile.php endpoint. An attacker can exploit this by sending a crafted POST request with a malicious file (e.g., a PHP webshell) to the server. The uploade...

9.8 CVSS | 0.00666 EPSS
Exploits: 1 | References: 2
NVD
added 2025/11/18 7:15 p.m., 9 views

CVE-2025-37159

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

7.3 CVSS | 0.00228 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/11/18 6:54 p.m., 11 views

CVE-2025-37160 Authenticated Broken Access Control (BAC) in REST API Configuration Service

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data...

5.3 CVSS | 0.00249 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/18 6:52 p.m., 3 views

CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the vi...

5.8 CVSS | 6.5 AI score | 0.00228 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/11/18 12:30 p.m., 3 views

EUVD-2025-197971

The Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization in all versions up to, and including, 1.2.5. This is due to the plugin registering a REST API endpoint that only...

5.4 CVSS | 5 AI score | 0.00194 EPSS
Exploits: 0 | References: 3
EUVD
added 2025/11/18 7:16 a.m., 4 views

EUVD-2025-197956

There is a vulnerability in the Supermicro BMC web function at Supermicro MBD-X13SEDW-F. After logging into the BMC Web server, an attacker can use a specially crafted payload to trigger the Stack buffer overflow vulnerability...

7.2 CVSS | 6.8 AI score | 0.00293 EPSS
Exploits: 0 | References: 2
CNNVD
added 2025/11/18 12:0 a.m., 5 views

HPE Aruba Networking 100 Series Cellular Bridge Security Vulnerability

HPE Aruba Networking 100 Series Cellular Bridge is a 5G/4G mobile network wireless bridge device from HPE America. A security vulnerability exists in the HPE Aruba Networking 100 Series Cellular Bridge that stems from a denial-of-service vulnerability in the web-based management interface, which...

7.5 CVSS | 6.5 AI score | 0.0034 EPSS
Exploits: 0 | References: 3
CNNVD
added 2025/11/18 12:0 a.m., 3 views

HPE Aruba Networking AOS-CX Security Vulnerability

HPE Aruba Networking AOS-CX is a series of switch devices from HPE America. A security vulnerability exists in the HPE Aruba Networking AOS-CX that stems from improper access control of the web-based management interface, which could lead to the disclosure of sensitive information...

6.5 CVSS | 6.4 AI score | 0.00249 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/11/18 12:0 a.m., 8 views

CVE-2025-63229

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's...

0.00237 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2025/11/18 12:0 a.m., 4 views

CVE-2025-63229

The Mozart FM Transmitter web management interface on version WEBMOZZI-00287 contains a reflected Cross-Site Scripting (XSS) vulnerability in the /main0.php endpoint. By injecting a malicious JavaScript payload into the ?m= query parameter, an attacker can execute arbitrary code in the victim's...

6 AI score | 0.00237 EPSS
Exploits: 1 | References: 2
Cvelist
added 2025/11/18 12:0 a.m., 7 views

CVE-2025-63215

The Sound4 IMPACT web-based management interface is vulnerable to Remote Code Execution (RCE) via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

0.00404 EPSS
Exploits: 1 | References: 3
Positive Technologies
added 2025/11/18 12:0 a.m., 6 views

PT-2025-47396

Name of the Vulnerable Software and Affected Versions: Affected versions not specified. Description: A flaw exists in the web-based management interface that may allow a remote attacker to cause a denial of service. Exploitation could lead to a system crash, requiring manual reboot and potentially...

7.5 CVSS | 6.5 AI score | 0.0034 EPSS
Exploits: 0 | References: 3