CVE-2025-12508 - Unencrypted communication to Active Directory services
CVE ID : CVE-2025-12508
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : When using domain users as BRAIN2 users, communication with Active Directory services is unencrypted. This can lead to the interception of authentication data and compromise confidentiality.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12509 - Scripts for the module Global_Shipping executable on BRAIN2 Server
CVE ID : CVE-2025-12509
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : On a client with an admin user, a Global_Shipping script can be implemented. The script could later be executed on the BRAIN2 server with administrator rights.
Severity: 8.4 | HIGH
CVE-2025-12552 - Insufficient Password Policy
CVE ID : CVE-2025-12552
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Insufficient Password Policy. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 6.9 | MEDIUM
CVE-2025-12553 - Server Certificate Verification Disabled
CVE ID : CVE-2025-12553
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Email Server Certificate Verification Disabled. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 10.0 | CRITICAL
CVE-2025-12554 - Missing Security Headers
CVE ID : CVE-2025-12554
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 6.9 | MEDIUM
CVE-2025-29270 - Deep Sea Electronics DSE855 Unauthenticated Remote Command Execution
CVE ID : CVE-2025-29270
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
Severity: 0.0 | NA
CVE-2025-63466 - Totolink LR350 Stack Overflow Denial of Service
CVE ID : CVE-2025-63466
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63467 - Totolink LR350 Stack Overflow Denial of Service
CVE ID : CVE-2025-63467
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63468 - Totolink LR350 HTTP Stack Overflow Denial of Service
CVE ID : CVE-2025-63468
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63469 - Totolink LR350 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-63469
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-6075 - Quadratic complexity in os.path.expandvars() with user-controlled template
CVE ID : CVE-2025-6075
Published : Oct. 31, 2025, 4:41 p.m. | 41 minutes ago
Description : If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.
Severity: 1.8 | LOW
CVE-2025-59501 - Microsoft Configuration Manager Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59501
Published : Oct. 31, 2025, 4:45 p.m. | 37 minutes ago
Description : None
Severity: 4.8 | MEDIUM
CVE-2025-63460 - Totolink A7000R Stack Overflow Denial of Service
CVE ID : CVE-2025-63460
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63461 - Totolink A7000R Stack Overflow Denial of Service in ssid5g Parameter
CVE ID : CVE-2025-63461
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63462 - Totolink A7000R Stack Overflow Denial of Service
CVE ID : CVE-2025-63462
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63463 - Totolink LR350 Stack Based Buffer Overflow Denial of Service
CVE ID : CVE-2025-63463
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63464 - Totolink LR350 Stack Overflow Denial of Service (DoS)
CVE ID : CVE-2025-63464
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 7.5 | HIGH
CVE-2025-63465 - Totolink LR350 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-63465
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 7.5 | HIGH
CVE-2025-62264 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)
CVE ID : CVE-2025-62264
Published : Oct. 31, 2025, 6:15 p.m. | 3 hours, 10 minutes ago
Description : Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId` parameter.
Severity: 5.1 | MEDIUM
CVE-2025-63459 - Totolink A7000R Stack Overflow Denial of Service
CVE ID : CVE-2025-63459
Published : Oct. 31, 2025, 6:15 p.m. | 3 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-12546 - LogicalDOC Community Edition API Key creation UI cross site scripting
CVE ID : CVE-2025-12546
Published : Oct. 31, 2025, 7:15 p.m. | 2 hours, 10 minutes ago
Description : A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM