5.4
CVE-2025-5072 - Resource leaks in cm
Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
9.8
CVE-2025-41648 - Pilz: Authentication Bypass in IndustrialPI Webstatus
An unauthenticated remote attacker can bypass the login to the web application of the affected devices making it possible to access and change all available settings of the IndustrialPI.
10
CVE-2025-41656 - Pilz: Missing Authentication in Node-RED integration
An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default.
9.8
CVE-2025-6934 - Opal Estate Pro <= 1.7.5 - Unauthenticated Privilege Escalation via 'on_regiser_user'
The Opal Estate Pro – Property Management and Submission plugin for WordPress, used by the FullHouse - Real Estate Responsive WordPress Theme, is vulnerable to privilege escalation via in all versions up to, and including, 1.7.5. This is due to a lack of role restriction during registration in the …
6.8
CVE-2025-6081 - Pass-back attack in Konica Minolta bizhub 227 multifunctional printers
Insufficiently Protected Credentials in LDAP in Konica Minolta bizhub 227 Multifunction printers version GCQ-Y3 or earlier allows an attacker can reconfigure the target device to use an external LDAP service controlled by the attacker. If an LDAP password is set on the target device, the attacker c…
5.3
CVE-2025-5967 -
A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.
8.7
CVE-2025-6940 - TOTOLINK A702R HTTP POST Request formParentControl buffer overflow
A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.…
8.1
CVE-2024-49364 - tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable mes…
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuf…
8.1
CVE-2024-49365 - tiny-secp256k1 allows for verify() bypass when running in bundled environment
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can…
8.7
CVE-2025-6939 - TOTOLINK A3002RU HTTP POST Request formWlSiteSurvey buffer overflow
A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to la…