CVE-2025-3699 - Mitsubishi Electric Corporation G-Series Missing Authentication Bypass Vulnerability
CVE ID : CVE-2025-3699
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3699
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-50 Version 3.37 and prior, G-50-W Version 3.37 and prior, G-50A Version 3.37 and prior, GB-50 Version 3.37 and prior, GB-50A Version 3.37 and prior, GB-24A Version 9.12 and prior, G-150AD Version 3.21 and prior, AG-150A-A Version 3.21 and prior, AG-150A-J Version 3.21 and prior, GB-50AD Version 3.21 and prior, GB-50ADA-A Version 3.21 and prior, GB-50ADA-J Version 3.21 and prior, EB-50GU-A Version 7.11 and prior, EB-50GU-J Version 7.11 and prior, AE-200J Version 8.01 and prior, AE-200A Version 8.01 and prior, AE-200E Version 8.01 and prior, AE-50J Version 8.01 and prior, AE-50A Version 8.01 and prior, AE-50E Version 8.01 and prior, EW-50J Version 8.01 and prior, EW-50A Version 8.01 and prior, EW-50E Version 8.01 and prior, TE-200A Version 8.01 and prior, TE-50A Version 8.01 and prior, TW-50A Version 8.01 and prior, and CMS-RMD-J Version 1.40 and prior allows a remote unauthenticated attacker to bypass authentication and then control the air conditioning systems illegally, or disclose information in them by exploiting this vulnerability. In addition, the attacker may tamper with firmware for them using the disclosed information.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6733 - UTT HiPER 840G API Buffer Overflow Vulnerability
CVE ID : CVE-2025-6733
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6733
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6734 - UTT HiPER 840G API Buffer Overflow Vulnerability
CVE ID : CVE-2025-6734
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6734
Published : June 26, 2025, 11:15 p.m. | 1 hour, 2 minutes ago
Description : A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6735 - Juzaweb CMS Remote Improper Authorization Vulnerability
CVE ID : CVE-2025-6735
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6735
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6736 - Juzaweb CMS Remote Authorization Bypass Vulnerability
CVE ID : CVE-2025-6736
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6736
Published : June 27, 2025, 12:15 a.m. | 4 hours, 1 minute ago
Description : A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6738 - Huija Bicycle Sharing Server SQL Injection Vulnerability
CVE ID : CVE-2025-6738
Published : June 27, 2025, 1:15 a.m. | 3 hours, 2 minutes ago
Description : A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6738
Published : June 27, 2025, 1:15 a.m. | 3 hours, 2 minutes ago
Description : A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47818 - Flock Safety Gunshot Detection HTTP Server Unauthenticated Access
CVE ID : CVE-2025-47818
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47818
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47819 - Flock Safety Gunshot Detection Debug Interface Unauthorized Access Vulnerability
CVE ID : CVE-2025-47819
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47819
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47820 - Flock Safety Gunshot Detection Devices Cleartext Code Storage Vulnerability
CVE ID : CVE-2025-47820
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47820
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6748 - Airtel Thanks App Cleartext Storage Vulnerability
CVE ID : CVE-2025-6748
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6748
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as problematic has been found in Bharti Airtel Thanks App 4.105.4 on Android. Affected is an unknown function of the file /Android/data/com.myairtelapp/files/. The manipulation leads to cleartext storage in a file or on disk. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6749 - Huija bicycleSharingServer SQL Injection Vulnerability
CVE ID : CVE-2025-6749
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The manipulation of the argument Title leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6749
Published : June 27, 2025, 2:15 a.m. | 2 hours, 2 minutes ago
Description : A vulnerability classified as critical was found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this vulnerability is the function searchAdminMessageShow of the file AdminController.java. The manipulation of the argument Title leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47821 - Flock Safety Gunshot Detection Device Hardcoded Password Vulnerability
CVE ID : CVE-2025-47821
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47821
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety Gunshot Detection devices before 1.3 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47822 - Flock Safety LPR Impropoer Access Control Vulnerability
CVE ID : CVE-2025-47822
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47822
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have an on-chip debug interface with improper access control.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47823 - Flock Safety LPR Hardcoded Password Vulnerability
CVE ID : CVE-2025-47823
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47823
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have a hardcoded password for a system.
Severity: 2.2 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-47824 - Flock Safety LPR Cleartext Code Storage Vulnerability
CVE ID : CVE-2025-47824
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-47824
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.
Severity: 2.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6750 - HDF5 Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-6750
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6750
Published : June 27, 2025, 3:15 a.m. | 1 hour, 2 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53157 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-53157
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53157
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53158 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-53158
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53158
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53159 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-53159
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53159
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53160 - Apache Apache HTTP Server SQL Injection
CVE ID : CVE-2025-53160
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53160
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53161 - VMware Network Policy Vulnerability: Denial of Service
CVE ID : CVE-2025-53161
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53161
Published : June 27, 2025, 4:15 a.m. | 4 hours, 1 minute ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...