CVE-2025-52555 - Ceph File System Root Privilege Escalation
CVE ID : CVE-2025-52555
Published : June 26, 2025, 9:15 p.m. | 3 hours, 2 minutes ago
Description : Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52555
Published : June 26, 2025, 9:15 p.m. | 3 hours, 2 minutes ago
Description : Ceph is a distributed object, block, and file storage platform. In versions 17.2.7, 18.2.1 through 18.2.4, and 19.0.0 through 19.2.2, an unprivileged user can escalate to root privileges in a ceph-fuse mounted CephFS by chmod 777 a directory owned by root to gain access. The result of this is that a user could read, write and execute to any directory owned by root as long as they chmod 777 it. This impacts confidentiality, integrity, and availability. It is patched in versions 17.2.8, 18.2.5, and 19.2.3.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2015-0842 - Yubiserver SQL Injection Vulnerability
CVE ID : CVE-2015-0842
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2015-0842
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2015-0843 - Yubiserver sprintf Buffer Overflow
CVE ID : CVE-2015-0843
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : yubiserver before 0.6 is to buffer overflows due to misuse of sprintf.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2015-0843
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : yubiserver before 0.6 is to buffer overflows due to misuse of sprintf.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2015-0849 - Pycode-Browser File Predictability Vulnerability
CVE ID : CVE-2015-0849
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2015-0849
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : pycode-browser before version 1.0 is prone to a predictable temporary file vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5731 - Infinispan CLI Plaintext Password Disclosure Vulnerability
CVE ID : CVE-2025-5731
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5731
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6731 - "yzcheng90 X-SpringBoot Remote Path Traversal Vulnerability"
CVE ID : CVE-2025-6731
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6731
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : A vulnerability was found in yzcheng90 X-SpringBoot up to 5.0 and classified as critical. Affected by this issue is the function uploadApk of the file /sys/oss/upload/apk of the component APK File Handler. The manipulation of the argument File leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6732 - UTT HiPER 840G strcpy Buffer Overflow Remote Code Execution
CVE ID : CVE-2025-6732
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6732
Published : June 26, 2025, 10:15 p.m. | 2 hours, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3699 - Mitsubishi Electric Corporation G-Series Missing Authentication Bypass Vulnerability
CVE ID : CVE-2025-3699
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3699
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6733 - UTT HiPER 840G API Buffer Overflow Vulnerability
CVE ID : CVE-2025-6733
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6733
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6734 - UTT HiPER 840G API Buffer Overflow Vulnerability
CVE ID : CVE-2025-6734
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6734
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6735 - Juzaweb CMS Remote Improper Authorization Vulnerability
CVE ID : CVE-2025-6735
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6735
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6736 - Juzaweb CMS Remote Authorization Bypass Vulnerability
CVE ID : CVE-2025-6736
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6736
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6738 - Huija Bicycle Sharing Server SQL Injection Vulnerability
CVE ID : CVE-2025-6738
Published : June 27, 2025, 1:15 a.m. | 3 hours, 2 minutes ago
Description : A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6738
Published : June 27, 2025, 1:15 a.m. | 3 hours, 2 minutes ago
Description : A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47818 - Flock Safety Gunshot Detection HTTP Server Unauthenticated Access
CVE ID : CVE-2025-47818
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47818
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47819 - Flock Safety Gunshot Detection Debug Interface Unauthorized Access Vulnerability
CVE ID : CVE-2025-47819
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47819
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47820 - Flock Safety Gunshot Detection Devices Cleartext Code Storage Vulnerability
CVE ID : CVE-2025-47820
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47820
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6748 - Airtel Thanks App Cleartext Storage Vulnerability
CVE ID : CVE-2025-6748
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6748
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6749 - Huija bicycleSharingServer SQL Injection Vulnerability
CVE ID : CVE-2025-6749
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The manipulation of the argument Title leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6749
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The manipulation of the argument Title leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47821 - Flock Safety Gunshot Detection Device Hardcoded Password Vulnerability
CVE ID : CVE-2025-47821
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47821
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47822 - Flock Safety LPR Impropoer Access Control Vulnerability
CVE ID : CVE-2025-47822
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47822
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47823 - Flock Safety LPR Hardcoded Password Vulnerability
CVE ID : CVE-2025-47823
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47823
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...