8.7
CVE-2018-25136 - FLIR Brickstream 3D+ 2.1.742.1842 Unauthenticated RTSP Stream Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can retrieve video stream images by directly accessing multiple image endpoints like middleImage.jpg, rightimage.jpg, and leftimage.jpβ¦
9.3
CVE-2018-25135 - Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import
Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing usβ¦
9.3
CVE-2018-25134 - Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass via webNewAcct.cgi
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts β¦
5.1
CVE-2018-25133 - Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administβ¦
5.1
CVE-2018-25131 - Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 Stored XSS via Config Upload
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser session when viewed.
6.8
CVE-2018-25130 - Beward Intercom 2.3.1 Local Credentials Disclosure via Unencrypted Database
Beward Intercom 2.3.1 contains a credentials disclosure vulnerability that allows local attackers to access plain-text authentication credentials stored in an unencrypted database file. Attackers can read the BEWARD.INTERCOM.FDB file to extract usernames and passwords, enabling unauthorized access β¦
7.1
CVE-2018-25129 - SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints
SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints like Get_Permissions_Fβ¦
9.3
CVE-2018-25128 - SOCA Access Control System 180612 SQL Injection and Authentication Bypass
SOCA Access Control System 180612 contains multiple SQL injection vulnerabilities that allow attackers to manipulate database queries through unvalidated POST parameters. Attackers can bypass authentication, retrieve password hashes, and gain administrative access with full system privileges by expβ¦
5.1
CVE-2018-25127 - SOCA Access Control System 180612 Cross-Site Request Forgery via Admin Interface
SOCA Access Control System 180612 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that submit forged requests to create admin accounts by tricking logged-in users iβ¦
6.2
CVE-2025-36154 - IBM Concert Software Cleartext Storage in a File or on Disk.
IBM Concert 1.0.0 through 2.1.0 stores sensitive information in cleartext during recursive docker builds which could be obtained by a local user.