CVE Notify
19.4K subscribers
4 photos
206K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
๐Ÿšจ CVE-2025-44619
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-46041
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-41502
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-41503
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-41504
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2024-41505
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-46035
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-46060
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-44528
An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection phase, causing a Denial of Service (DoS).

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-44531
An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-44915
A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-44141
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-44559
An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2023-47310
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-45931
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-45029
WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-29267
SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain a sensitive information via the cid parameter in the GET request.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-44526
Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

๐ŸŽ–@cveNotify
๐Ÿšจ CVE-2025-44525
Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

๐ŸŽ–@cveNotify