CVE-2025-5448 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-5448
Published : Dec. 24, 2025, 2:15 p.m. | 2 hours, 57 minutes ago
Description : Rejected reason: This CVE id was assigned but later discarded.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5448
Published : Dec. 24, 2025, 2:15 p.m. | 2 hours, 57 minutes ago
Description : Rejected reason: This CVE id was assigned but later discarded.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2154 - Stored XSS in EchoCCS's Specto CM
CVE ID : CVE-2025-2154
Published : Dec. 24, 2025, 3:16 p.m. | 1 hour, 57 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2154
Published : Dec. 24, 2025, 3:16 p.m. | 1 hour, 57 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Stored XSS.This issue affects Specto CM: before 17032025.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2155 - Arbitrary File Upload in EchoCCS's Specto CM
CVE ID : CVE-2025-2155
Published : Dec. 24, 2025, 3:16 p.m. | 1 hour, 57 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects Specto CM: before 17032025.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2155
Published : Dec. 24, 2025, 3:16 p.m. | 1 hour, 57 minutes ago
Description : Unrestricted Upload of File with Dangerous Type vulnerability in Echo Call Center Services Trade and Industry Inc. Specto CM allows Remote Code Inclusion.This issue affects Specto CM: before 17032025.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-60935 - Blitz Panel Open Redirect Vulnerability
CVE ID : CVE-2025-60935
Published : Dec. 24, 2025, 3:16 p.m. | 1 hour, 57 minutes ago
Description : An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-60935
Published : Dec. 24, 2025, 3:16 p.m. | 1 hour, 57 minutes ago
Description : An open redirect vulnerability in the login endpoint of Blitz Panel v1.17.0 allows attackers to redirect users to malicious domains via a crafted URL. This issue affects the next_url parameter in the login endpoint and could lead to phishing or token theft after successful authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-35322 - MyNET Reflected Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2024-35322
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ficheiro parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-35322
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : MyNET up to v26.08 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the ficheiro parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-39037 - MyNET SQL Injection
CVE ID : CVE-2024-39037
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : MyNET up to v26.08.316 was discovered to contain an Unauthenticated SQL Injection vulnerability via the intmenu parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-39037
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : MyNET up to v26.08.316 was discovered to contain an Unauthenticated SQL Injection vulnerability via the intmenu parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-40317 - MyNET Reflected Cross-Site Scripting (XSS)
CVE ID : CVE-2024-40317
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter HTTP.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-40317
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability in MyNET up to v26.08 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload into the parameter HTTP.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43875 - iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - getOptionsInfo
CVE ID : CVE-2025-43875
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : Under certain circumstances a successful exploitation could result in access to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43875
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : Under certain circumstances a successful exploitation could result in access to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-43876 - iSTAR Ultra, Ultra SE, Ultra G2, Ultra G2 SE, iSTAR Edge G2 - Authenticated web application command injection - get8021xSettings
CVE ID : CVE-2025-43876
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : Under certain circumstances a successful exploitation could result in access to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-43876
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : Under certain circumstances a successful exploitation could result in access to the device.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68750 - usb: potential integer overflow in usbg_make_tpg()
CVE ID : CVE-2025-68750
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and adjusted the relevant code accordingly. This patch is similar to commit 59c816c1f24d ("vhost/scsi: potential memory corruption").
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68750
Published : Dec. 24, 2025, 4:15 p.m. | 57 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: usb: potential integer overflow in usbg_make_tpg() The variable tpgt in usbg_make_tpg() is defined as unsigned long and is assigned to tpgt->tport_tpgt, which is defined as u16. This may cause an integer overflow when tpgt is greater than USHRT_MAX (65535). I haven't tried to trigger it myself, but it is possible to trigger it by calling usbg_make_tpg() with a large value for tpgt. I modified the type of tpgt to match tpgt->tport_tpgt and adjusted the relevant code accordingly. This patch is similar to commit 59c816c1f24d ("vhost/scsi: potential memory corruption").
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-2515 - Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies
CVE ID : CVE-2025-2515
Published : Dec. 24, 2025, 4:21 p.m. | 51 minutes ago
Description : A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-2515
Published : Dec. 24, 2025, 4:21 p.m. | 51 minutes ago
Description : A vulnerability was found in BlueChi, a multi-node systemd service controller used in RHIVOS. This flaw allows a user with root privileges on a managed node (qm) to create or override systemd service unit files that affect the host node. This issue can lead to privilege escalation, unauthorized service execution, and potential system compromise.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25239 - V-SOL GPON/EPON OLT Platform 2.03 Unauthenticated Configuration Download
CVE ID : CVE-2019-25239
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25239
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : V-SOL GPON/EPON OLT Platform 2.03 contains an unauthenticated information disclosure vulnerability that allows attackers to download configuration files via direct object reference. Attackers can retrieve sensitive configuration data by sending HTTP GET requests to the usrcfg.conf endpoint, potentially enabling authentication bypass and system access.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25240 - Rifatron 5brid DVR 5brid DVR (HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504) Unauthenticated Live Stream Disclosure via animate.cgi
CVE ID : CVE-2019-25240
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25240
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Rifatron 5brid DVR contains an unauthenticated vulnerability in the animate.cgi script that allows unauthorized access to live video streams. Attackers can exploit the Mobile Web Viewer module by specifying channel numbers to retrieve sequential video snapshots without authentication.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25241 - FaceSentry Access Control System 6.4.8 Remote SSH Root Access
CVE ID : CVE-2019-25241
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25241
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : FaceSentry Access Control System 6.4.8 contains a critical authentication vulnerability with hard-coded SSH credentials for the wwwuser account. Attackers can leverage the insecure sudoers configuration to escalate privileges and gain root access by executing sudo commands without authentication.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25242 - FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery via Web Interface
CVE ID : CVE-2019-25242
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25242
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25243 - FaceSentry 6.4.8 Authenticated Remote Command Injection via Ping Test
CVE ID : CVE-2019-25243
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25243
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25244 - Legrand BTicino Driver Manager F454 1.0.51 CSRF and Stored XSS Vulnerabilities
CVE ID : CVE-2019-25244
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25244
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Legrand BTicino Driver Manager F454 1.0.51 contains multiple web vulnerabilities that allow attackers to perform administrative actions without proper request validation. Attackers can exploit cross-site request forgery to change passwords and inject stored cross-site scripting payloads through unvalidated GET parameters.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25245 - Ross Video DashBoard 8.5.1 Privilege Escalation via Insecure Permissions
CVE ID : CVE-2019-25245
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25245
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Ross Video DashBoard 8.5.1 contains an elevation of privileges vulnerability that allows authenticated users to modify executable files due to improper permission settings. Attackers can exploit the 'M' or 'C' flags for 'Authenticated Users' group to replace the DashBoard.exe binary with a malicious executable.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25246 - Beward N100 H.264 VGA IP Camera M2.1.6 Authenticated File Disclosure
CVE ID : CVE-2019-25246
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and /etc/issue by supplying absolute file paths.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25246
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and /etc/issue by supplying absolute file paths.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25247 - Beward N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Vulnerability
CVE ID : CVE-2019-25247
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25247
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2019-25248 - Beward N100 M2.1.6 Unauthenticated RTSP Video Stream Disclosure
CVE ID : CVE-2019-25248
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2019-25248
Published : Dec. 24, 2025, 8:15 p.m. | 58 minutes ago
Description : Beward N100 M2.1.6.04C014 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...