CVE-2025-31199 - "Apple iOS/iPadOS/visualOS/macOS Sequoia Sensitive Data Disclosure"
CVE ID : CVE-2025-31199
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31199
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4, macOS Sequoia 15.4. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31231 - Apple macOS Sequoia Location Information Disclosure Vulnerability
CVE ID : CVE-2025-31231
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31231
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read sensitive location information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31261 - Apple macOS User Data Access Permissions Vulnerability
CVE ID : CVE-2025-31261
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31261
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31263 - Apple macOS Coprocessor Memory Corruption
CVE ID : CVE-2025-31263
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31263
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31264 - Apple macOS Locked Device State Management Authentication Bypass
CVE ID : CVE-2025-31264
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31264
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5307 - Santesoft Sante DICOM Viewer Pro RCE Memory Corruption
CVE ID : CVE-2025-5307
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5307
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : Santesoft Sante DICOM Viewer Pro contains a memory corruption vulnerability. A local attacker could exploit this issue to potentially disclose information and to execute arbitrary code on affected installations of Sante DICOM Viewer Pro.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5330 - FreeFloat FTP Server RETR Command Handler Buffer Overflow Vulnerability
CVE ID : CVE-2025-5330
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5330
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component RETR Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5331 - PCMan FTP Server Buffer Overflow Vulnerability
CVE ID : CVE-2025-5331
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5331
Published : May 29, 2025, 10:15 p.m. | 3 hours, 16 minutes ago
Description : A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5332 - "1000 Projects Online Notice Board SQL Injection Vulnerability"
CVE ID : CVE-2025-5332
Published : May 29, 2025, 11:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5332
Published : May 29, 2025, 11:15 p.m. | 2 hours, 16 minutes ago
Description : A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1907 - Instantel Micromate Unauthenticated Command Execution
CVE ID : CVE-2025-1907
Published : May 30, 2025, 12:15 a.m. | 1 hour, 16 minutes ago
Description : Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-1907
Published : May 30, 2025, 12:15 a.m. | 1 hour, 16 minutes ago
Description : Instantel Micromate lacks authentication on a configuration port which could allow an attacker to execute commands if connected.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41438 - "CS5000 Fire Panel Default Account Privilege Escalation"
CVE ID : CVE-2025-41438
Published : May 30, 2025, 12:15 a.m. | 1 hour, 16 minutes ago
Description : The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41438
Published : May 30, 2025, 12:15 a.m. | 1 hour, 16 minutes ago
Description : The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely impact the device's operation if exploited.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46352 - "CS5000 Fire Panel Hard-Coded Password Remote Command Injection Vulnerability"
CVE ID : CVE-2025-46352
Published : May 30, 2025, 12:15 a.m. | 1 hour, 16 minutes ago
Description : The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46352
Published : May 30, 2025, 12:15 a.m. | 1 hour, 16 minutes ago
Description : The CS5000 Fire Panel is vulnerable due to a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing anyone with knowledge of it to gain remote access to the panel. Such access could enable an attacker to operate the panel remotely, potentially putting the fire panel into a non-functional state and causing serious safety issues.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2020-36846 - Brotli Embedded Library Buffer Overflow Vulnerability
CVE ID : CVE-2020-36846
Published : May 30, 2025, 1:15 a.m. | 16 minutes ago
Description : A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2020-36846
Published : May 30, 2025, 1:15 a.m. | 16 minutes ago
Description : A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-12224 - Servo rust-url IDNA Punycode Equivalence Validation Vulnerability
CVE ID : CVE-2024-12224
Published : May 30, 2025, 2:15 a.m. | 3 hours, 17 minutes ago
Description : Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-12224
Published : May 30, 2025, 2:15 a.m. | 3 hours, 17 minutes ago
Description : Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44612 - Tinxy WiFi Lock Controller Remote Information Disclosure
CVE ID : CVE-2025-44612
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44612
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44614 - Tinxy WiFi Lock Controller Plaintext Storage Vulnerability
CVE ID : CVE-2025-44614
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44614
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44619 - Tinxy WiFi Lock Controller RF Authentication Bypass
CVE ID : CVE-2025-44619
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44619
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48757 - Lovable Database Row-Level Security Bypass (Remote Unauthenticated)
CVE ID : CVE-2025-48757
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48757
Published : May 30, 2025, 3:15 a.m. | 2 hours, 16 minutes ago
Description : An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to arbitrary database tables of generated sites.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44904 - Apache HDF5 Heap Buffer Overflow
CVE ID : CVE-2025-44904
Published : May 30, 2025, 4:15 a.m. | 1 hour, 16 minutes ago
Description : hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44904
Published : May 30, 2025, 4:15 a.m. | 1 hour, 16 minutes ago
Description : hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44905 - HDF5 Heap Buffer Overflow
CVE ID : CVE-2025-44905
Published : May 30, 2025, 4:15 a.m. | 1 hour, 16 minutes ago
Description : hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44905
Published : May 30, 2025, 4:15 a.m. | 1 hour, 16 minutes ago
Description : hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-44906 - jhead Heap Use After Free Vulnerability
CVE ID : CVE-2025-44906
Published : May 30, 2025, 4:15 a.m. | 1 hour, 16 minutes ago
Description : jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-44906
Published : May 30, 2025, 4:15 a.m. | 1 hour, 16 minutes ago
Description : jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...