5.3
CVE-2025-5439 - Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 verifyFacebookLike os command injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. Affected by this issue is the function verifyFacebookLike of the file /goform/verifyFacebookLike. The manipulation of the arโฆ
5.3
CVE-2025-5438 - Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 WPS command injection
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this vulnerability is the function WPS of the file /goform/WPS. The manipulation of the argument PIN leads toโฆ
8.4
CVE-2025-5455 - Possible denial of service when passing malformed data in a URL to qDecodeDataUrl
An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:cโฆ
6.9
CVE-2025-5437 - Multilaser Sirius RE016 Password Change cstecgi.cgi improper authentication
A vulnerability classified as critical has been found in Multilaser Sirius RE016 MLT1.0. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Password Change Handler. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exโฆ
6.9
CVE-2025-5436 - Multilaser Sirius RE016 cstecgi.cgi information disclosure
A vulnerability was found in Multilaser Sirius RE016 MLT1.0. It has been rated as problematic. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the pโฆ
8.8
CVE-2025-0358 -
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling aย lower-privileged user to gain administrator privileges.
4.3
CVE-2025-0325 -
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attackerย to block access to the guard tour configuration page in the web interface of the Axis device.
9.4
CVE-2025-0324 -
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gainย administrator privileges.
6.9
CVE-2025-5435 - Marwal Infotech CMS page.php sql injection
A vulnerability was found in Marwal Infotech CMS 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /page.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and mโฆ
8.6
CVE-2025-5113 - Authenticated Remote Command Injection in Diviotec NBR IP Cameras
The Diviotec professional series exposes a web interface. One endpoint is vulnerable to arbitrary command injection and hardcoded passwords are used.