9.2
CVE-2025-64385 - INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES
The equipment initially can be configured using the manufacturer's application, by Wi-Fi, by the web server or with the manufacturer's software. Using the manufacturer's software, the device can be configured via UDP. Analyzing this communication, it has been observed that any aspect of the initial…
8.3
CVE-2025-64389 - EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT
The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol.
9.2
CVE-2025-64388 - Denial of service through specific packets
Denial of service of the web server through specific requests to this protocol
5.1
CVE-2025-64387 - CLICKJACKING
The web application is vulnerable to a so-called "clickjacking" attack. In this type of attack, the vulnerable page is inserted into a page controlled by the attacker in order to deceive the victim. This deception can range from making the victim click on a button to making them enter their login c…
7.5
CVE-2025-12501 -
Integer overflow in GameMaker IDE versions below 2024.14.0 can lead to application crashes through denial-of-service (DoS) attacks. GameMaker users who use the network_create_server() function in their projects are urged to update and recompile immediately.
5.3
CVE-2025-12460 - Stored XSS vulnerability in Afterlogic Aurora webmail
An XSS issue was discovered in Afterlogic Aurora webmail version 9.8.3 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img HTML tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, …
5.3
CVE-2025-12521 - Analytify Pro <= 7.0.3 - Unauthenticated Information Exposure
The Analytify Pro plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.0.3 via the Analytify Tag HTML details. This makes it possible for unauthenticated attackers to extract usernames from source code. While we generally do not assign CVE IDs…
7.7
CVE-2025-64386 - HIJACKING OF THE TOKEN AND GAINING ACCESS
The equipment grants a JWT token for each connection in the timeline, but during an active valid session, a hijacking of the token can be done. This will allow an attacker with the token to modify security or access parameters, or even steal the session, without the legitimate and active session detect…
3.7
CVE-2025-36249 - IBM Jazz for Service Management is vulnerable to "filter" cookie not sent over SSL
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to t…
7.8
CVE-2025-33003 - IBM InfoSphere Information Server is vulnerable to privilege escalation
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow a non-root user to gain higher privileges/capabilities within the scope of a container due to execution with unnecessary privileges.