5.3
CVE-2025-11635 - Tomofun Furbo 360 File Upload resource consumption
A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did nβ¦
3.5
CVE-2025-2138 - IBM Engineering Requirements Management Doors Next data modification
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete comments from other users due to client-side enforcement of server-side security.
3.5
CVE-2025-2139 - IBM Engineering Requirements Management Doors Next security bypass
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to delete reviews from other users due to client-side enforcement of server-side security.
5.7
CVE-2025-2140 - IBM Engineering Requirements Management Doors Next spoofing
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data.
6.5
CVE-2025-33096 - IBM Engineering Requirements Management Doors Next denial of service
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user to cause a denial of service by uploading specially crafted files using uncontrolled recursion.
2.4
CVE-2025-11634 - Tomofun Furbo 360/Furbo Mini UART information disclosure
A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The exploit has been released to the public and may be exploited. β¦
6.3
CVE-2025-11633 - Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation
A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is the function upload_file_to_s3 of the file collect_logs.sh of the component HTTP Traffic Handler. The manipulation leads to improper certificate validation. The attack may be initiated remotely. The attackβ¦
3.5
CVE-2025-52615 - HCL Unica Platform is impacted by misconfigured security related HTTP headers
HCL Unica Platform is impacted by misconfigured security related HTTP headers. This can lead to less secure browser default treatment for the policies controlled by these headers.
5.3
CVE-2025-11631 - RainyGao DocSys deleteDoc.do path traversal
A vulnerability was determined in RainyGao DocSys up to 2.02.36. Affected by this vulnerability is an unknown functionality of the file /Doc/deleteDoc.do. Executing manipulation of the argument path can lead to path traversal. The attack can be launched remotely. The exploit has been publicly disclβ¦
3.5
CVE-2025-52614 - HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability
HCL Unica Platform is affected by a Cookie without HTTPOnly Flag Set vulnerability. A malicious agent may be able to induce this event by feeding a user suitable links, either directly or via another web site.