0.0
CVE-2025-55586 -
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the url parameter at /boafrm/formFilter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
0.0
CVE-2025-32992 -
Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control.
0.0
CVE-2025-55585 -
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an eval injection vulnerability via the eval() function.
0.0
CVE-2025-55591 -
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
0.0
CVE-2025-55584 -
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
5.1
CVE-2025-9096 - ExpressGateway express-gateway REST Endpoint apps.js cross site scripting
A vulnerability has been found in ExpressGateway express-gateway up to 1.16.10. Affected is an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been dβ¦
7.5
CVE-2025-7342 - VM images built with Kubernetes Image Builder Nutanix or OVA providers use default credentials for β¦
A security issue was discovered in the Kubernetes Image Builder where default credentials are enabled during the image build process. Additionally, virtual machine images built using the Nutanix or the OVA provider do not disable these default credentials, and nodes using the resulting images may bβ¦
5.1
CVE-2025-9095 - ExpressGateway express-gateway REST Endpoint users.js cross site scripting
A flaw has been found in ExpressGateway express-gateway up to 1.16.10. This issue affects some unknown processing in the library lib/rest/routes/users.js of the component REST Endpoint. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been discloβ¦
5.3
CVE-2025-9094 - ThingsBoard Add Gateway special elements used in a template engine
A vulnerability was detected in ThingsBoard 4.1. This vulnerability affects unknown code of the component Add Gateway Handler. The manipulation leads to improper neutralization of special elements used in a template engine. The attack can be initiated remotely. The exploit has been disclosed to theβ¦
4.8
CVE-2025-9093 - BuzzFeed App com.buzzfeed.android AndroidManifest.xml improper export of android application componβ¦
A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. Tβ¦