2
CVE-2025-2864 - Reflected Cross-Site Scripting (XSS) vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).
5.7
CVE-2025-2863 - Cross-site request forgery (CSRF) vulnerability in saTECH BCU
Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend โฆ
4.5
CVE-2025-0986 - IBM PowerVM Hypervisor data manipulation
IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.
6.9
CVE-2025-2862 - Weak Encoding for Password vulnerability in saTECH BCU
SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.
6.9
CVE-2025-2861 - Cleartext Transmission of Sensitive Information vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately.
6.9
CVE-2025-2860 - Exposure of Sensitive Information vulnerability in saTECH BCU
SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.
6.9
CVE-2025-2859 - Improper Authentication vulnerability in saTECH BCU
An attacker with networkย access,ย could capture traffic and obtain user cookies, allowing the attacker to steal the active user session and make changes to the device via web, depending on the privileges obtained by the user.
8.5
CVE-2025-2858 - Privilege escalation vulnerability in saTECH BCU
Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser.
5.3
CVE-2025-2911 - Improper Restriction of Excessive Authentication Attempts vulnerability in MeetMe products
Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions.
8.2
CVE-2024-7407 - Weak password encoding in Streamsoft Prestiลผ
Use of a custom password encoding algorithmย in Streamsoft Prestiลผ software allows straightforward decoding of passwords using their encoded forms, which are stored in the application's database. One has to know the encoding algorithm, but it can be deduced by observing how password are transformed.โฆ