CVE-2025-13809 - orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery
CVE ID : CVE-2025-13809
Published : Dec. 1, 2025, 6:15 a.m. | 3 hours, 15 minutes ago
Description : A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection Handler. Such manipulation of the argument host/sshPort/username/password/authType leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. A patch should be applied to remediate this issue. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13810 - jsnjfz WebStack-Guns KaptchaController.java renderPicture path traversal
CVE ID : CVE-2025-13810
Published : Dec. 1, 2025, 7:16 a.m. | 2 hours, 14 minutes ago
Description : A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
CVE-2025-13811 - jsnjfz WebStack-Guns PageFactory.java SQL injection
CVE ID : CVE-2025-13811
Published : Dec. 1, 2025, 7:16 a.m. | 2 hours, 14 minutes ago
Description : A vulnerability was determined in jsnjfz WebStack-Guns 1.0. This vulnerability affects unknown code of the file src/main/java/com/jsnjfz/manage/core/common/constant/factory/PageFactory.java. Executing manipulation of the argument sort can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-13813 - moxi159753 Mogu Blog v2 Storage Management Endpoint storage authorization
CVE ID : CVE-2025-13813
Published : Dec. 1, 2025, 7:16 a.m. | 2 hours, 14 minutes ago
Description : A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is assessed as difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
CVE-2025-11131 - NR Modem Denial of Service (DoS) Vulnerability
CVE ID : CVE-2025-11131
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-11132 - NR Modem Denial of Service Vulnerability
CVE ID : CVE-2025-11132
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-11133 - NR Modem Denial of Service Vulnerability
CVE ID : CVE-2025-11133
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-13814 - moxi159753 Mogu Blog v2 uploadPicsByUrl LocalFileServiceImpl.uploadPictureByUrl server-side request forgery
CVE ID : CVE-2025-13814
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : A security flaw has been discovered in moxi159753 Mogu Blog v2 up to 5.2. Impacted is the function LocalFileServiceImpl.uploadPictureByUrl of the file /file/uploadPicsByUrl. The manipulation results in server-side request forgery. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
CVE-2025-3012 - DPC Modem Null Pointer Dereference Denial of Service
CVE ID : CVE-2025-3012
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In dpc modem, there is a possible system crash due to null pointer dereference. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61607 - NR Modem Denial of Service Vulnerability
CVE ID : CVE-2025-61607
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61608 - NR Modem Denial of Service Vulnerability
CVE ID : CVE-2025-61608
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61609 - Zyxel Modem Remote Denial of Service Vulnerability
CVE ID : CVE-2025-61609
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61610 - NR Modem Denial of Service Vulnerability
CVE ID : CVE-2025-61610
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61617 - NR Modem Denial of Service Vulnerability
CVE ID : CVE-2025-61617
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61618 - NR Modem Denial of Service
CVE ID : CVE-2025-61618
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61619 - NR Modem Denial of Service Vulnerability
CVE ID : CVE-2025-61619
Published : Dec. 1, 2025, 8:15 a.m. | 1 hour, 15 minutes ago
Description : In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-13815 - moxi159753 Mogu Blog v2 pictures unrestricted upload
CVE ID : CVE-2025-13815
Published : Dec. 1, 2025, 9:16 a.m. | 14 minutes ago
Description : A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-13816 - moxi159753 Mogu Blog v2 ZIP File unzipFile FileOperation.unzip path traversal
CVE ID : CVE-2025-13816
Published : Dec. 1, 2025, 9:16 a.m. | 14 minutes ago
Description : A security vulnerability has been detected in moxi159753 Mogu Blog v2 up to 5.2. The impacted element is the function FileOperation.unzip of the file /networkDisk/unzipFile of the component ZIP File Handler. Such manipulation of the argument fileUrl leads to path traversal. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
CVE-2025-13819 - Open redirect in web server of MiR robots and MiR fleet
CVE ID : CVE-2025-13819
Published : Dec. 1, 2025, 10:15 a.m. | 3 hours, 16 minutes ago
Description : Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks.
Severity: 6.1 | MEDIUM
CVE-2025-41700 - CODESYS Development System - Deserialization of Untrusted Data
CVE ID : CVE-2025-41700
Published : Dec. 1, 2025, 10:16 a.m. | 3 hours, 16 minutes ago
Description : An unauthenticated attacker can trick a local user into executing arbitrary code by opening a deliberately manipulated CODESYS project file with a CODESYS development system. This arbitrary code is executed in the user context.
Severity: 7.8 | HIGH
CVE-2025-41738 - CODESYS Control - Invalid type usage in visualization
CVE ID : CVE-2025-41738
Published : Dec. 1, 2025, 10:16 a.m. | 3 hours, 16 minutes ago
Description : An unauthenticated remote attacker may cause the visualisation server of the CODESYS Control runtime system to access a resource with a pointer of wrong type, potentially leading to a denial-of-service (DoS) condition.
Severity: 7.5 | HIGH