CVE-2022-4985 - Vodafone H500s WiFi Password Disclosure via activation.json
CVE ID : CVE-2022-4985
Published : Nov. 14, 2025, 11:15 p.m. | 3 hours, 55 minutes ago
Description : Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document that contains the wifi_password field. This allows an unauthenticated attacker to obtain the WiFi credentials and gain unauthorized access to the wireless network, compromising confidentiality of network traffic and attached systems.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2023-7328 - Screen SFT DAB 600/C <= 1.9.3 Unauthenticated Information Disclosure
CVE ID : CVE-2023-7328
Published : Nov. 14, 2025, 11:15 p.m. | 3 hours, 55 minutes ago
Description : Screen SFT DAB 600/C firmware versions up to and including 1.9.3 contain an improper access control on the user management API that allows unauthenticated requests to retrieve structured user data, including account names and connection metadata such as client IP and timeout values.
Severity: 6.9 | MEDIUM
CVE-2025-13188 - D-Link DIR-816L authentication.cgi authenticationcgi_main stack-based overflow
CVE ID : CVE-2025-13188
Published : Nov. 14, 2025, 11:15 p.m. | 3 hours, 55 minutes ago
Description : A vulnerability was detected in D-Link DIR-816L 2_06_b09_beta. Affected by this vulnerability is the function authenticationcgi_main of the file /authentication.cgi. Performing manipulation of the argument Password results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 10.0 | HIGH
CVE-2025-1256 - CVE-2022-1234: Apache HTTP Server Remote Code Execution Vulnerability
CVE ID : CVE-2025-1256
Published : Nov. 14, 2025, 11:15 p.m. | 3 hours, 55 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 0.0 | NA
CVE-2025-55034 - General Industrial Controls Lynx+ Gateway Weak Password Requirements
CVE ID : CVE-2025-55034
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and login.
Severity: 8.2 | HIGH
CVE-2025-58083 - General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function
CVE ID : CVE-2025-58083
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
Severity: 10.0 | CRITICAL
CVE-2025-59780 - General Industrial Controls Lynx+ Gateway Missing Authentication for Critical Function
CVE ID : CVE-2025-59780
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information.
Severity: 7.5 | HIGH
CVE-2025-62765 - General Industrial Controls Lynx+ Gateway Cleartext Transmission of Sensitive Information
CVE ID : CVE-2025-62765
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including plaintext credentials.
Severity: 7.5 | HIGH
CVE-2025-64307 - Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function
CVE ID : CVE-2025-64307
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes.
Severity: 6.5 | MEDIUM
CVE-2025-64308 - Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
CVE ID : CVE-2025-64308
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle.
Severity: 7.5 | HIGH
CVE-2025-64309 - Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
CVE ID : CVE-2025-64309
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques.
Severity: 8.6 | HIGH
CVE-2025-8386 - AVEVA Application Server IDE Basic Cross-site Scripting
CVE ID : CVE-2025-8386
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection that, when executed by a victim user, can result in horizontal or vertical escalation of privileges. The vulnerability can only be exploited during config-time operations within the IDE component of Application Server. Run-time components and operations are not affected.
Severity: 6.9 | MEDIUM
CVE-2025-9317 - AVEVA Edge Use of a Broken or Risky Cryptographic Algorithm
CVE ID : CVE-2025-9317
Published : Nov. 15, 2025, 12:15 a.m. | 2 hours, 55 minutes ago
Description : The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords through computational brute-forcing of weak hashes.
Severity: 8.4 | HIGH
CVE-2025-12182 - Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize
CVE ID : CVE-2025-12182
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : The Qi Blocks plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the `resize_image_callback()` function in all versions up to, and including, 1.4.3. This is due to the plugin not properly verifying that a user has permission to resize a specific attachment. This makes it possible for authenticated attackers, with Contributor-level access and above, to resize arbitrary media library images belonging to other users, which can result in unintended file writes, disk consumption, and server resource abuse through processing of large images.
Severity: 4.3 | MEDIUM
CVE-2025-65064 - Samsung Smart TV Authentication Bypass
CVE ID : CVE-2025-65064
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65065 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-65065
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65066 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-65066
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65067 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-65067
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65068 - Apache Struts Command Injection
CVE ID : CVE-2025-65068
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65069 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-65069
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-65070 - Apache HTTP Server Unvalidated User Input Vulnerability
CVE ID : CVE-2025-65070
Published : Nov. 15, 2025, 4:15 a.m. | 58 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA