🚨 CVE-2025-10273
A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
GitHub
10 OA V1.0 /view/file.aspx File Path Traversal · Issue #8 · 1276486/CVE
Issue body (preview): NAME OF AFFECTED PRODUCT(S): 10 OA; Vendor Homepage: https://www.10oa.com/; AFFECTED AND/OR FIXED VERSION(S): submitter Zre0x1c; Vulnerable File: /view/file...
🚨 CVE-2025-10274
A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
GitHub
10 OA V1.0 /trial/mvc/item reflected XSS · Issue #9 · 1276486/CVE
Issue body (preview): NAME OF AFFECTED PRODUCT(S): 10 OA; Vendor Homepage: https://www.10oa.com/; AFFECTED AND/OR FIXED VERSION(S): submitter Zre0x1c; Vulnerable File: /trial/mvc/item ...
🚨 CVE-2025-56562
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address.
Signify United Kingdom
Home | Signify United Kingdom
🚨 CVE-2025-56557
An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.
Tuya
Tuya Smart - Global AI Cloud Platform Service Provider
🚨 CVE-2025-10234
A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Medium
CVE-2025-10234: Stored XSS in Scada-LTS Data Point Edit
🚨 CVE-2025-10235
A flaw has been found in Scada-LTS up to 2.7.8.1. This issue affects some unknown processing of the file /reports.shtm of the component Reports Module. This manipulation of the argument Colour causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Medium
CVE-2025-10235: Stored XSS in Scada-LTS Reports Module (Colour Field)
🚨 CVE-2025-57579
An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password
GitHub
iot-cve/TOLOLINK/X2000R-Gh-V2.0.0.md at main · XXRicardo/iot-cve
🚨 CVE-2024-45431
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of remote L2CAP channel ID (CID). An attacker can leverage this to create an L2CAP channel with the null identifier assigned as a remote CID.
Pcacybersecurity
Critical Vulnerabilities Blue SDK OpenSynergy | PCA Advisory
PCA Cyber Security researchers identified and announced critical vulnerabilities in the Bluetooth stack of Blue SDK. PCA researchers named the discovered vulnerability chain PerfektBlue. PerfektBlue: a 1-click RCE attack that affects millions of devices used by…
🚨 CVE-2024-45432
OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function argument. An attacker can leverage this to cause unexpected behavior or obtain sensitive information.
Pcacybersecurity
Critical Vulnerabilities Blue SDK OpenSynergy | PCA Advisory
🚨 CVE-2024-45433
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper return control flow after detecting an unusual condition. An attacker can leverage this to bypass a security validation and make the incoming data be processed.
Pcacybersecurity
Critical Vulnerabilities Blue SDK OpenSynergy | PCA Advisory
🚨 CVE-2025-59740
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_CAT.ASP'.
www.incibe.es
[Update 24/09/2025] Multiple vulnerabilities in AndSoft's e-TMS
INCIBE has coordinated the publication of 40 vulnerabilities: 8 critical, 1 high and 31 medium severit
🚨 CVE-2025-59741
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/CLT/LOGINERRORFRM.ASP'.
www.incibe.es
[Update 24/09/2025] Multiple vulnerabilities in AndSoft's e-TMS
🚨 CVE-2025-59742
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'USRMAIL' parameter in '/inc/login/TRACK_REQUESTFRMSQL.ASP'.
www.incibe.es
[Update 24/09/2025] Multiple vulnerabilities in AndSoft's e-TMS
🚨 CVE-2025-59743
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'.
www.incibe.es
[Update 24/09/2025] Multiple vulnerabilities in AndSoft's e-TMS
🚨 CVE-2025-59744
Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the "docurl" parameter in "/lib/asp/DOCSAVEASASP.ASP".
www.incibe.es
[Update 24/09/2025] Multiple vulnerabilities in AndSoft's e-TMS
🚨 CVE-2024-39819
Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.
Zoom
ZSB-24026
🚨 CVE-2024-39826
Race condition in Team Chat for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct information disclosure via network access.
Zoom
ZSB-24023
🚨 CVE-2024-39823
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Zoom
ZSB-24030
🚨 CVE-2024-39824
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Zoom
ZSB-24030
🚨 CVE-2024-42434
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Zoom
ZSB-24030
🚨 CVE-2024-42441
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
Zoom
ZSB-24034