9.4

CVSS4.0

CVE-2025-62593 - Ray is vulnerable to RCE via Safari & Firefox Browsers through DNS Rebinding Attack

Ray is an AI compute engine. Prior to version 2.52.0, developers who use Ray as a development tool are exposed to a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses…

📅 Published: Nov. 26, 2025, 10:28 p.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

6.3

CVSS4.0

CVE-2025-66030 - node-forge ASN.1 OID Integer Truncation

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be …

📅 Published: Nov. 26, 2025, 10:23 p.m. 🔄 Last Modified: Dec. 6, 2025, 12:20 a.m.

8.7

CVSS4.0

CVE-2025-66031 - node-forge ASN.1 Unbounded Recursion

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. Th…

📅 Published: Nov. 26, 2025, 10:23 p.m. 🔄 Last Modified: Dec. 6, 2025, 12:22 a.m.

7.7

CVSS4.0

CVE-2025-66035 - Angular HTTP Client Has XSRF Token Leakage via Protocol-Relative URLs

Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is an XSRF token leakage via protocol-relative URLs in Angular HTTP clients. The vulnerability is a Credential Lea…

📅 Published: Nov. 26, 2025, 10:18 p.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

8.7

CVSS4.0

CVE-2019-25227 - Tellion HN-2204AP Unauthenticated Configuration Disclosure

Tellion HN-2204AP routers contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/system_config_file management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. The exposed configuration…

📅 Published: Nov. 26, 2025, 10:15 p.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

8.7

CVSS4.0

CVE-2020-36871 - ESCAM QD-900 Unauthenticated Configuration Disclosure

ESCAM QD-900 WIFI HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint allows remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup can include a…

📅 Published: Nov. 26, 2025, 10:15 p.m. 🔄 Last Modified: April 7, 2026, 2:04 p.m.

8.7

CVSS4.0

CVE-2019-25226 - Dongyoung Media DM-AP240T/W Unauthenticated Configuration Disclosure

Dongyoung Media DM-AP240T/W wireless access points contain an unauthenticated configuration disclosure vulnerability in the /cgi-bin/sys_system_config management endpoint. The endpoint allows remote retrieval of a compressed configuration archive without requiring authentication or authorization. T…

📅 Published: Nov. 26, 2025, 10:14 p.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

8.7

CVSS4.0

CVE-2020-36872 - BACnet Test Server 1.01 Malformed BVLC Length DoS

BACnet Test Server versions up to and including 1.01 contain a remote denial of service vulnerability in their BACnet/IP BVLC packet handling. The server fails to properly validate the BVLC Length field in incoming UDP BVLC frames on the default BACnet port (47808/udp). A remote unauthenticated atta…

📅 Published: Nov. 26, 2025, 10:13 p.m. 🔄 Last Modified: April 7, 2026, 2:04 p.m.

8.7

CVSS4.0

CVE-2020-36873 - Astak CM-818T3 Unauthenticated Configuration Disclosure

Astak CM-818T3 2.4GHz wireless security surveillance cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization.…

📅 Published: Nov. 26, 2025, 10:13 p.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

8.7

CVSS4.0

CVE-2020-36874 - ACE SECURITY WIP-90113 Unauthenticated Configuration Disclosure

ACE SECURITY WIP-90113 HD cameras contain an unauthenticated configuration disclosure vulnerability in the /web/cgi-bin/hi3510/backup.cgi endpoint. The endpoint permits remote download of a compressed configuration backup without requiring authentication or authorization. The exposed backup may inc…

📅 Published: Nov. 26, 2025, 10:12 p.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.