CVE-2025-60662 - Tenda AC18 Stack Overflow Vulnerability
CVE ID : CVE-2025-60662
Published : Oct. 2, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60662
Published : Oct. 2, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59403 - Flock Safety Android Collins Unauthenticated Remote Code Execution and Information Disclosure Vulnerability
CVE ID : CVE-2025-59403
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59403
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59405 - Flock Safety Peripheral Cleartext DataDog API Key Exposure
CVE ID : CVE-2025-59405
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59405
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59406 - Flock Safety Pisco OAuth Client Secret Exposed
CVE ID : CVE-2025-59406
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59406
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59407 - Flock Safety Java Keystore Hardcoded Password Vulnerability
CVE ID : CVE-2025-59407
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59407
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : The Flock Safety DetectionProcessing com.flocksafety.android.objects application 6.35.33 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) bundles a Java Keystore (flock_rye.bks) along with its hardcoded password (flockhibiki17) in its code. The keystore contains a private key.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59409 - Flock Safety Falcon and Sparrow License Plate Readers Wi-Fi Cleartext Credentials Vulnerability
CVE ID : CVE-2025-59409
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59409
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : Flock Safety Falcon and Sparrow License Plate Readers OPM1.171019.026 ship with development Wi-Fi credentials (test_flck) stored in cleartext in production firmware.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60661 - Tenda AC18 Stack Overflow Vulnerability
CVE ID : CVE-2025-60661
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60661
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the cloneType parameter in the fromAdvSetMacMtuWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60663 - Tenda AC18 Stack Overflow Vulnerability
CVE ID : CVE-2025-60663
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60663
Published : Oct. 2, 2025, 5:16 p.m. | 2 hours, 8 minutes ago
Description : Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanMTU parameter in the fromAdvSetMacMtuWan function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-56019 - Agasta Easytouch+ BLE Unauthenticated Remote Denial of Service (DoS)
CVE ID : CVE-2025-56019
Published : Oct. 2, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-56019
Published : Oct. 2, 2025, 6:15 p.m. | 1 hour, 8 minutes ago
Description : An insecure permission vulnerability exists in the Agasta Easytouch+ version 9.3.97 The device allows unauthorized mobile applications to connect via Bluetooth Low Energy (BLE) without authentication. Once an unauthorized connection is established, legitimate applications are unable to connect, causing a denial of service. The attack requires proximity to the device, making it exploitable from an adjacent network location.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-59835 - LangBot has a cross-directory file upload vulnerability, which could lead to system takeover
CVE ID : CVE-2025-59835
Published : Oct. 2, 2025, 6:59 p.m. | 24 minutes ago
Description : LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-59835
Published : Oct. 2, 2025, 6:59 p.m. | 24 minutes ago
Description : LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory of files on the server, it is possible to upload dangerous files to specific system directories. This is fixed in version 4.3.5.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-32942 - SSH Tectia Server Remote Session Hijacking Vulnerability
CVE ID : CVE-2025-32942
Published : Oct. 2, 2025, 7:15 p.m. | 4 hours, 11 minutes ago
Description : SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-32942
Published : Oct. 2, 2025, 7:15 p.m. | 4 hours, 11 minutes ago
Description : SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49090 - "Matrix State Resolution Deficient"
CVE ID : CVE-2025-49090
Published : Oct. 2, 2025, 7:15 p.m. | 4 hours, 11 minutes ago
Description : The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49090
Published : Oct. 2, 2025, 7:15 p.m. | 4 hours, 11 minutes ago
Description : The Matrix specification before 1.16 (i.e., with a room version before 12 and State Resolution before 2.1) has deficient state resolution.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54315 - Matrix Create Event Uniqueness Vulnerability
CVE ID : CVE-2025-54315
Published : Oct. 2, 2025, 7:15 p.m. | 4 hours, 11 minutes ago
Description : The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54315
Published : Oct. 2, 2025, 7:15 p.m. | 4 hours, 11 minutes ago
Description : The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10653 - Raise3D Pro2 Series 3D Printers Authentication Bypass Using an Alternate Path or Channel
CVE ID : CVE-2025-10653
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : An unauthenticated debug port may allow access to the device file system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10653
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : An unauthenticated debug port may allow access to the device file system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54086 - Excess Permissions in Warehouse
CVE ID : CVE-2025-54086
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54086
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : CVE-2025-54086 is an excess permissions vulnerability in the Warehouse component of Absolute Secure Access prior to version 14.10. Attackers with access to the local file system can read the Java keystore file. The attack complexity is low, there are no attack requirements, the privileges required are low and no user interaction is required. Impact to confidentiality is low, there is no impact to integrity or availability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54087 - Server-side request forgery in Secure Access
CVE ID : CVE-2025-54087
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54087
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : CVE-2025-54087 is a server-side request forgery vulnerability in Secure Access prior to version 14.10. Attackers with administrative privileges can publish a crafted test HTTP request originating from the Secure Access server. The attack complexity is high, there are no attack requirements, and user interaction is required. There is no direct impact to confidentiality, integrity, or availability. There is a low severity subsequent system impact to integrity.
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61595 - MANTRA tx gas limit is not enforced in send hooks
CVE ID : CVE-2025-61595
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61595
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract, potentially amplifying the gas consumption exponentially. This is fixed in version 4.0.2.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61603 - WeGIA: SQL Injection (Blind Time-Based) Vulnerability in API `descricao` Parameter
CVE ID : CVE-2025-61603
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61603
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : WeGIA is a Web manager for charitable institutions. Versions 3.4.12 and below include an SQL Injection vulnerability which was identified in the /controle/control.php endpoint, specifically in the descricao parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This issue is fixed in version 3.5.0.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61604 - WeGIA: Cross-Site Request Forgery (CSRF) Vulnerability in `control.php` Endpoint
CVE ID : CVE-2025-61604
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victim’s authenticated session. This issue is fixed in version 3.5.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61604
Published : Oct. 2, 2025, 8:15 p.m. | 3 hours, 11 minutes ago
Description : WeGIA is an open source web manager with a focus on charitable institutions. Versions 3.4.12 and below contain a Cross-Site Request Forgery (CSRF) vulnerability. The delete operation for the Almoxarifado entity is exposed via HTTP GET without CSRF protection, allowing a third-party site to trigger the action using the victim’s authenticated session. This issue is fixed in version 3.5.0.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54088 - Open Redirect in Secure Access prior to 14.10
CVE ID : CVE-2025-54088
Published : Oct. 2, 2025, 9:16 p.m. | 2 hours, 10 minutes ago
Description : CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate in the attack. Impact to confidentiality is low and there is no impact to integrity or availability. There are high severity impacts to confidentiality, integrity, availability in subsequent systems.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54088
Published : Oct. 2, 2025, 9:16 p.m. | 2 hours, 10 minutes ago
Description : CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10. Attackers with access to the console can redirect victims to an arbitrary URL. The attack complexity is low, attack requirements are present, no privileges are required, and users must actively participate in the attack. Impact to confidentiality is low and there is no impact to integrity or availability. There are high severity impacts to confidentiality, integrity, availability in subsequent systems.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54089 - Cross-site Scripting vulnerability in Secure Access prior to 14.10
CVE ID : CVE-2025-54089
Published : Oct. 2, 2025, 9:16 p.m. | 2 hours, 10 minutes ago
Description : CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54089
Published : Oct. 2, 2025, 9:16 p.m. | 2 hours, 10 minutes ago
Description : CVE-2025-54089 is a cross-site scripting vulnerability in versions of secure access prior to 14.10. Attackers with administrative access to the console can interfere with another administrator’s access to the console. The attack complexity is low; there are no attack requirements. Privileges required to execute the attack are high and the victim must actively participate in the attack sequence. There is no impact to confidentiality or availability, there is a low impact to integrity.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...