8.6
CVE-2025-12196 - WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI Ping Command
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary code via a specially crafted CLI command.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 up toβ¦
8.7
CVE-2025-53704 - MAXHUB Pivot Weak Password Recovery Mechanism for Forgotten Password
The password reset mechanism for the Pivot client application is weak, and it may allow an attacker to take over the account.
8.6
CVE-2025-12195 - WatchGuard Firebox Authenticated Out of Bounds Write in Management CLI IPSec Configuration
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS's CLI could allow an authenticated privileged user to execute arbitrary codeΒ via specially crafted IPSec configuration CLI commands.This vulnerability affects Fireware OS 11.0 up to and including 11.12.4+541730, 12.0 up to and includingβ¦
8.6
CVE-2025-12026 - WatchGuard Firebox Authenticated Out of Bounds Write in certd
An Out-of-bounds Write vulnerability in WatchGuard Fireware OSβs certificate request command could allow an authenticated privileged user to execute arbitrary code via specially crafted CLI commands.This vulnerability affects Fireware OS 12.0 up to and including 12.11.4, 12.5 up to and including 12β¦
7.4
CVE-2025-10285 - Simplcity Device Manager exposes NTLMv2 hash
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.
8.3
CVE-2025-13932 -
The SolisCloud API suffers from a Broken Access Control vulnerability, specifically an Insecure Direct Object Reference (IDOR), where any authenticated user can access detailed data of any plant by altering the plant_id in the request.
7.4
CVE-2025-66238 - Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel
DCIM dcTrack allows an attacker to misuse certain remote access features. An authenticated user with access to the appliance's virtual console could exploit these features to redirect network traffic, potentially accessing restricted services or data on the host machine.
0.0
CVE-2025-14066 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
8.4
CVE-2025-66237 - Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials
DCIM dcTrack platforms utilize default and hard-coded credentials for access. An attacker could use these credentials to administer the database, escalate privileges on the platform or execute system commands on the host.
1.8
CVE-2025-66479 - Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing
Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the saβ¦