6.4
CVE-2025-9057 - Biagiotti Core <= 2.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-levβ¦
9.2
CVE-2025-35452 - Pan-Tilt-Zoom cameras default administrative credentials for web interface
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
2.3
CVE-2025-30198 - ECOVACS Vacuum and Base Station Hard-Coded WPA2-PSK
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived.
7.5
CVE-2025-30199 - ECOVACS Vacuum and Base Station accept unsigned firmware
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station.
9.3
CVE-2025-35451 - Pan-Tilt-Zoom cameras hard-coded default passwords with SSH and telnet enabled
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the user, nor can the SSH or telnet service be dβ¦
2.3
CVE-2025-30200 - ECOVACS Vacuum and Base Station Hard-Coded AES Encryption
ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic AES encryption key, which can be easily derived.
2.3
CVE-2025-10014 - elunez eladmin Email Address updateEmail updateUserEmail improper authorization
A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote. Attacβ¦
8.6
CVE-2025-9709 - NRF52810 Runtime EM Fault Injection APPROTECT Bypass
On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the hardβ¦
7.6
CVE-2025-9999 - Improper validation of payload elements
Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in the application.
6
CVE-2025-9998 - Improper validation of packets sequencing
The sequence of packets received by a Networking server are not correctly checked. An attacker could exploit this vulnerability to send specially crafted messages to force the application to stop.