๐จ CVE-2025-69271
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
๐@cveNotify
Insufficiently Protected Credentials vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 24.3.13 and earlier.
๐@cveNotify
๐จ CVE-2025-69272
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
๐@cveNotify
Cleartext Transmission of Sensitive Information vulnerability in Broadcom DX NetOps Spectrum on Windows, Linux allows Sniffing Attacks.This issue affects DX NetOps Spectrum: 21.2.1 and earlier.
๐@cveNotify
๐จ CVE-2026-22693
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.
๐@cveNotify
HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hb_malloc returns NULL before using placement new to construct an object at the returned pointer address. When hb_malloc fails to allocate memory (which can occur in low-memory conditions or when using custom allocators that simulate allocation failures), it returns NULL. The code then attempts to call the constructor on this null pointer using placement new syntax, resulting in undefined behavior and a Segmentation Fault. This issue has been patched in version 12.3.0.
๐@cveNotify
GitHub
[cmap] malloc fail test (#5710) ยท harfbuzz/harfbuzz@1265ff8
Fixes https://github.com/harfbuzz/harfbuzz/security/advisories/GHSA-xvjr-f2r9-c7ww
๐จ CVE-2025-14579
The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
๐@cveNotify
The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
๐@cveNotify
WPScan
Quiz Maker < 6.7.0.89 - Admin+ Stored XSS
See details on Quiz Maker < 6.7.0.89 - Admin+ Stored XSS CVE 2025-14579. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2026-0854
Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
๐@cveNotify
Certain DVR/NVR models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
๐@cveNotify
๐จ CVE-2026-0855
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
๐@cveNotify
Certain IP Camera models developed by Merit LILIN has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device.
๐@cveNotify
๐จ CVE-2026-22184
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.
๐@cveNotify
zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname() function copies an attacker-supplied archive name from argv[] into a fixed-size 1024-byte static global buffer using an unbounded strcpy() call without length validation. Supplying an archive name longer than 1024 bytes results in an out-of-bounds write that can lead to memory corruption, denial of service, and potentially code execution depending on compiler, build flags, architecture, and memory layout. The overflow occurs prior to any archive parsing or validation.
๐@cveNotify
GitHub
GitHub - madler/zlib: A massively spiffy yet delicately unobtrusive compression library.
A massively spiffy yet delicately unobtrusive compression library. - madler/zlib
๐จ CVE-2025-50572
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.
๐@cveNotify
Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product.
๐@cveNotify
Archer
Archer | Electric Air Taxis
Archer is designing and developing electric vertical takeoff and landing (eVTOL) aircraft for use in urban air mobility networks. Archerโs mission is to unlock the skies, freeing everyone to reimagine how they move and spend time. Archer's team is based inโฆ
๐จ CVE-2025-20772
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20773
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20775
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20781
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4699.
๐@cveNotify
MediaTek
January 2026
๐จ CVE-2025-20786
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10149882; Issue ID: MSV-4673.
๐@cveNotify
MediaTek
January 2026
๐จ CVE-2023-34975
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h4.5.4.2626 build 20231225 and later
QTS 4.5.4.2627 build 20231225 and later
๐@cveNotify
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QuTS hero h4.5.4.2626 build 20231225 and later
QTS 4.5.4.2627 build 20231225 and later
๐@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Multiple Vulnerabilities in QTS, QuTS hero, and QuTScloud - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
๐จ CVE-2023-34976
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
๐@cveNotify
A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.7.0 ( 2023/07/27 ) and later
๐@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerabilities in Video Station - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
๐จ CVE-2025-20765
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
๐@cveNotify
In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-52694
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.
๐@cveNotify
Successful exploitation of the SQL injection vulnerability could allow an unauthenticated remote attacker to execute arbitrary SQL commands on the vulnerable service when it is exposed to the Internet.
๐@cveNotify
Cyber Security Agency of Singapore
Critical Vulnerability in Advantech Products
CSA has issued 1 CVE ID to a vulnerability in Advantech Products. Users and administrators of the affected product versions are advised to update to the latest versions immediately.
๐จ CVE-2025-40975
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to โ/hrmgo/ticket/changereplyโ, using the โdescriptionโ parameter.
๐@cveNotify
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's HRMGo, consisting of a lack of proper validation of user input by sending a POST request to โ/hrmgo/ticket/changereplyโ, using the โdescriptionโ parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in WorkDo products
INCIBE has coordinated the publication of four vulnerabilities, all of medium severity, affecting Tick
๐จ CVE-2025-40976
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to โ/ticketgo-saas/homeโ, using the โdescriptionโ parameter.
๐@cveNotify
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's TicketGo, consisting of a lack of proper validation of user input by sending a POST request to โ/ticketgo-saas/homeโ, using the โdescriptionโ parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in WorkDo products
INCIBE has coordinated the publication of four vulnerabilities, all of medium severity, affecting Tick
๐จ CVE-2025-40977
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to โ/store-ticketโ, using the โsubjectโ and โdescriptionโ parameters.
๐@cveNotify
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a lack of proper validation of user input by sending a POST request to โ/store-ticketโ, using the โsubjectโ and โdescriptionโ parameters.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in WorkDo products
INCIBE has coordinated the publication of four vulnerabilities, all of medium severity, affecting Tick
๐จ CVE-2025-40978
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to โ/ticket/x/conversionโ, using the โreply_descriptionโ parameter.
๐@cveNotify
Stored Cross-Site Scripting (XSS) vulnerability in WorkDo's eCommerceGo SaaS, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request to โ/ticket/x/conversionโ, using the โreply_descriptionโ parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in WorkDo products
INCIBE has coordinated the publication of four vulnerabilities, all of medium severity, affecting Tick