8.8

CVSS4.0

CVE-2025-0657 - ALC WebCTRL Carrier i-Vu and Gen5 Controllers Array Index out-of-range

A weakness in Automated Logic and Carrier i-Vu Gen5 router on driver version drv_gen5_106-01-2380 allows malformed packets to be sent through BACnet MS/TP network causing the devices to enter a fault state. This fault state requires a manual power cycle to return the device to network visib…

📅 Published: Nov. 27, 2025, 1 a.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

8.7

CVSS4.0

CVE-2025-0658 - Automated Logic and Carrier Zone Controllers malformed packets denial of service

A vulnerability in Automated Logic and Carrier's Zone Controller via BACnet protocol causes the device to crash. The device enters a fault state; after a reset, a second packet can leave it permanently unresponsive until a manual power cycle is performed.

📅 Published: Nov. 27, 2025, 1 a.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

6.9

CVSS4.0

CVE-2025-66361 -

An issue was discovered in Logpoint before 7.7.0. Sensitive information is exposed in System Processes for an extended period during high CPU load.

📅 Published: Nov. 27, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 7:15 p.m.

6.9

CVSS4.0

CVE-2025-66360 -

An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (Redis) information to li-admin users. This can lead to privilege escalation.

📅 Published: Nov. 27, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 7:12 p.m.

7.0

CVSS3.1

CVE-2025-13699 - MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability

MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MariaDB. Interaction with the mariadb-dump utility is required to exploit this vulnerability but attack vectors may…

📅 Published: Nov. 27, 2025, midnight 🔄 Last Modified: Dec. 29, 2025, 3:58 p.m.

8.5

CVSS3.1

CVE-2025-66359 -

An issue was discovered in Logpoint before 7.7.0. Insufficient input validation and a lack of output escaping in multiple components lead to a cross-site scripting (XSS) vulnerability.

📅 Published: Nov. 27, 2025, midnight 🔄 Last Modified: Dec. 3, 2025, 7:08 p.m.

0.0

CVE-2025-13760 -

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Nov. 26, 2025, 11:33 p.m. 🔄 Last Modified: Dec. 9, 2025, 11:15 p.m.

3.6

CVSS3.1

CVE-2025-66040 - Spotipy has a XSS vulnerability in OAuth callback server

Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's brows…

📅 Published: Nov. 26, 2025, 11:14 p.m. 🔄 Last Modified: Dec. 1, 2025, 3:39 p.m.

7.5

CVSS3.1

CVE-2025-64344 - Suricata is vulnerable to a stack overflow from unbounded stack allocation in LuaPushStringBuffer

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected wh…

📅 Published: Nov. 26, 2025, 11:05 p.m. 🔄 Last Modified: Dec. 3, 2025, 4:06 p.m.

7.5

CVSS3.1

CVE-2025-64330 - Suricata is vulnerable to a heap buffer overflow on verdict

Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, a single byte read heap overflow when logging the verdict in eve.alert and eve.drop records can lead to crashes. This requires t…

📅 Published: Nov. 26, 2025, 11:03 p.m. 🔄 Last Modified: Dec. 5, 2025, 1:30 p.m.