5.5
CVE-2025-25740 -
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the PSK parameter in the SetQuickVPNSettings module.
9.8
CVE-2024-56973 -
Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.
8.8
CVE-2025-25745 -
D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetQuickVPNSettings module.
5.9
CVE-2024-12054 - ZF Roll Stability Support Plus (RSSPlus) Authentication Bypass By Primary Weakness
ZF Roll Stability Support Plus (RSSPlus) is vulnerable to an authentication bypass vulnerability targeting deterministic RSSPlus SecurityAccess service seeds, which may allow an attacker to remotely (proximal/adjacent with RF equipment or via pivot from J2497 telematics devices) call diagnosticβ¦
6.1
CVE-2025-24836 - Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception
With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests,β¦
6.9
CVE-2025-23421 - Qardio iOS and Android applications Files or Directories Accessible to External Parties
An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications.
4.3
CVE-2025-25195 - Zulip events can leak private channel names
Zulip is an open source team chat application. A weekly cron job (added in 50256f48314250978f521ef439cafa704e056539) demotes channels to being "inactive" after they have not received traffic for 180 days. However, upon doing so, an event was sent to all users in the organization, not just users inβ¦
6.2
CVE-2025-20615 - Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an Unauthoriβ¦
The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-basedβ¦
9.3
CVE-2025-25067 - mySCADA myPRO Manager OS Command Injection
mySCADA myPRO Manager is vulnerable to an OS command injection which could allow a remote attacker to execute arbitrary OS commands.
5.1
CVE-2025-23411 - mySCADA myPRO Manager Cross-Site Request Forgery
mySCADA myPRO Manager is vulnerable to cross-site request forgery (CSRF), which could allow an attacker to obtain sensitive information. An attacker would need to trick the victim in to visiting an attacker-controlled website.