5.3
CVE-2025-7081 - Belkin F9K1122 webs formSetWanStatic os command injection
A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this vulnerability is the function formSetWanStatic of the file /goform/formSetWanStatic of the component webs. The manipulation of the argument m_wan_ipaddr/m_wan_netmask/m_wan_gateway/m_wan_staticdns1β¦
6.3
CVE-2025-7080 - Done-0 Jank JWT Token jwt_utils.go hard-coded password
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwt_utils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret withβ¦
6.3
CVE-2025-7079 - mao888 bluebell-plus JWT Token jwt.go hard-coded password
A vulnerability, which was classified as problematic, has been found in mao888 bluebell-plus up to 2.3.0. This issue affects some unknown processing of the file bluebell_backend/pkg/jwt/jwt.go of the component JWT Token Handler. The manipulation of the argument mySecret with the input bluebell-plusβ¦
5.3
CVE-2025-7078 - 07FLYCMS/07FLY-CMS/07FlyCRM cross-site request forgery
A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Thiβ¦
8.7
CVE-2025-7077 - Shenzhen Libituo Technology LBT-T300-T310 appy.cgi config_3g_para buffer overflow
A vulnerability classified as critical has been found in Shenzhen Libituo Technology LBT-T300-T310 up to 2.2.3.6. This affects the function config_3g_para of the file /appy.cgi. The manipulation of the argument username_3g/password_3g leads to buffer overflow. It is possible to initiate the attack β¦
0.0
CVE-2025-27446 - Apache APISIX Java Plugin Runner: Local listening file permissions in APISIX plugin runner allow a β¦
Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate privileges. This issue affects Apache APISIX(java-plugin-runner): from 0.2.0 through 0.5.0. Users arβ¦
5.3
CVE-2025-7076 - BlackVue Dashcam 590X Configuration upload.cgi access control
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been rated as critical. Affected by this issue is some unknown functionality of the file /upload.cgi of the component Configuration Handler. The manipulation leads to improper access controls. The attack needs to be initiatedβ¦
5.5
CVE-2025-38235 - HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting
In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting During appletb_kbd_probe, probe attempts to get the backlight device by name. When this happens backlight_device_get_by_name looks for a device in the β¦
5.3
CVE-2025-7075 - BlackVue Dashcam 590X HTTP Endpoint upload.cgi unrestricted upload
A vulnerability was found in BlackVue Dashcam 590X up to 20250624. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /upload.cgi of the component HTTP Endpoint. The manipulation leads to unrestricted upload. The attack needs to be done within tβ¦
5.3
CVE-2025-7074 - vercel hyper rimraf-standalone.js ignoreMap redos
A vulnerability classified as problematic has been found in vercel hyper up to 3.4.1. This affects the function expand/braceExpand/ignoreMap of the file hyper/bin/rimraf-standalone.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotelβ¦