CVE ID : CVE-2025-46414

Published : Aug. 8, 2025, 5:15 p.m.

Description : The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN is entered. This vulnerability was patched in a server-side update on April 6, 2025.

Severity: 8.1 | HIGH
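
The entry above describes the classic online brute-force shape: a short numeric PIN, no attempt counter, and a response that confirms success. The following is an added example, not EG4 code or the affected API, contrasting that shape with a hardened check. The `claim` endpoint name, the six-digit PIN, the serial-to-PIN store, the five-attempt lockout and the fifteen-minute window are all assumptions made for this demo.

```python
import hmac
import time
from typing import Callable, Dict, Optional, Tuple

# Assumed policy values for this example; a real deployment tunes them and
# keeps the counters in persistent storage so a restart does not reset them.
MAX_FAILURES = 5
LOCKOUT_SECONDS = 900.0


class WeakPinApi:
    """The flawed shape: unlimited attempts, and a response that distinguishes
    'wrong PIN' from 'unknown serial' from 'ok', so each guess is an oracle."""

    def __init__(self, devices: Dict[str, str]) -> None:
        self.devices = devices  # serial -> registered PIN (constructed data)

    def claim(self, serial: str, pin: str) -> str:
        if serial not in self.devices:
            return "unknown serial"
        if self.devices[serial] == pin:
            return "ok"
        return "wrong pin"


class HardenedPinApi:
    """Per-serial failure counter with lockout, constant-time comparison and a
    single generic failure response. The clock is injectable for testing."""

    def __init__(self, devices: Dict[str, str], now: Callable[[], float] = time.monotonic) -> None:
        self.pins = devices
        self.failures: Dict[str, int] = {}
        self.locked_until: Dict[str, float] = {}
        self.now = now

    def claim(self, serial: str, pin: str) -> str:
        registered = self.pins.get(serial)
        if registered is None:
            # Unknown serial: do a dummy comparison so timing does not reveal
            # which serials exist, then answer exactly as for a wrong PIN.
            hmac.compare_digest(pin.encode(), b"000000")
            return "denied"
        if self.now() < self.locked_until.get(serial, 0.0):
            return "denied"  # locked: the PIN is not even evaluated
        if hmac.compare_digest(pin.encode(), registered.encode()):
            self.failures[serial] = 0
            return "ok"
        self.failures[serial] = self.failures.get(serial, 0) + 1
        if self.failures[serial] >= MAX_FAILURES:
            self.locked_until[serial] = self.now() + LOCKOUT_SECONDS
            self.failures[serial] = 0
        return "denied"


class FakeClock:
    """Constructed clock for the demo so the lockout window can be stepped."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def brute_force(api, serial: str, digits: int = 6, budget: int = 1_000_000) -> Tuple[Optional[str], int]:
    """Enumerate PINs in order until the API answers 'ok' or the budget runs out.
    Returns (pin_found_or_None, attempts_made)."""
    attempts = 0
    for candidate in range(10 ** digits):
        if attempts >= budget:
            break
        attempts += 1
        pin = f"{candidate:0{digits}d}"
        if api.claim(serial, pin) == "ok":
            return pin, attempts
    return None, attempts


if __name__ == "__main__":
    weak = WeakPinApi({"SN-0001": "004217"})
    print("weak API:", brute_force(weak, "SN-0001"))                        # ('004217', 4218)
    clock = FakeClock()
    hard = HardenedPinApi({"SN-0001": "004217"}, now=clock)
    print("hardened API:", brute_force(hard, "SN-0001", budget=20_000))     # (None, 20000)
```

The loop against `HardenedPinApi` never learns that it has been locked out: every non-success is the same `denied`, and even the correct PIN is refused until the window expires. The counter is keyed by serial rather than by client session, because the attacker controls the latter; rate limiting by source address is a second layer, not a substitute.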

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53520

Published : Aug. 8, 2025, 5:15 p.m.

Description : The affected product allows firmware updates to be downloaded from EG4’s website, transferred via USB dongles, or installed through EG4’s Monitoring Center (remote, cloud-connected interface) or via a serial connection, and can install these files without integrity checks. The TTComp archive format used for the firmware is unencrypted and can be unpacked and altered without detection.

Severity: 8.8 | HIGH
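
An integrity gate of the kind the entry says is missing, as an added example; this is not EG4's updater and not the TTComp format. The container layout, the `FWX1` magic and the version field are constructed for the demo. Python's standard library has no asymmetric signatures, so the tag is an HMAC-SHA256 as a stand-in; a real updater verifies an Ed25519 or ECDSA signature with a public key held in immutable storage, so that an archive being unencrypted and unpackable does not matter because it cannot be re-signed.

```python
import hashlib
import hmac
import struct
from typing import Tuple

# Constructed container for this example:
#   magic (4 bytes) | version (uint32, big-endian) | tag (32 bytes) | payload
MAGIC = b"FWX1"
HEADER = struct.Struct(">4sI32s")

# Stand-in for the verification key (see lead-in): in production this is a
# public key, and the private half never leaves the vendor's signing service.
VERIFY_KEY = b"demo-only-key-do-not-use"


class RejectedImage(Exception):
    """Raised for any image that must not be installed."""


def _tag(version: int, payload: bytes, key: bytes) -> bytes:
    # The version is covered by the tag so the header cannot be edited on its own.
    return hmac.new(key, struct.pack(">I", version) + payload, hashlib.sha256).digest()


def build_image(version: int, payload: bytes, key: bytes = VERIFY_KEY) -> bytes:
    """What the vendor's build step would produce."""
    return HEADER.pack(MAGIC, version, _tag(version, payload, key)) + payload


def verify_image(image: bytes, installed_version: int, key: bytes = VERIFY_KEY) -> Tuple[int, bytes]:
    """Return (version, payload) only if the image is well-formed, authentic and newer."""
    if len(image) < HEADER.size:
        raise RejectedImage("truncated header")
    magic, version, tag = HEADER.unpack_from(image)
    if magic != MAGIC:
        raise RejectedImage("bad magic")
    payload = image[HEADER.size:]
    if not hmac.compare_digest(tag, _tag(version, payload, key)):
        raise RejectedImage("integrity/authenticity check failed")
    if version <= installed_version:
        raise RejectedImage("refusing rollback to version %d" % version)
    return version, payload


def install(image: bytes, installed_version: int) -> dict:
    """Gate: nothing from the payload is unpacked or written before verify_image passes."""
    version, payload = verify_image(image, installed_version)
    # (flash `payload` here)
    return {"version": version, "size": len(payload)}


def unchecked_install(image: bytes) -> dict:
    """The flawed shape the entry describes: the archive is trusted as-is."""
    _magic, version, _tag_bytes = HEADER.unpack_from(image)
    return {"version": version, "size": len(image) - HEADER.size}


def tamper(image: bytes) -> bytes:
    """Flip one payload byte, the way an attacker editing an unsigned archive would."""
    edited = bytearray(image)
    edited[-1] ^= 0xFF
    return bytes(edited)
```

Two details carry over to a real design: the check runs over the entire image before any parsing of its contents, and the version is bound into what is signed so a valid old image cannot be replayed to reintroduce a fixed bug.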

CVE ID : CVE-2025-8284

Published : Aug. 8, 2025, 5:15 p.m.

Description : By default, the Packet Power Monitoring and Control Web Interface does not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-52913

Published : Aug. 8, 2025, 6:15 p.m.

Description : A vulnerability in the NuPoint Unified Messaging (NPM) component of Mitel MiCollab through 9.8 SP2 (9.8.2.12) could allow an unauthenticated attacker to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow unauthorized access, enabling the attacker to view, corrupt, or delete users’ data and system configurations.

Severity: 9.8 | CRITICAL

CVE ID : CVE-2025-52914

Published : Aug. 8, 2025, 6:15 p.m.

Description : A vulnerability in the Suite Applications Services component of Mitel MiCollab 10.0 through SP1 FP1 (10.0.1.101) could allow an authenticated attacker to conduct a SQL Injection attack due to insufficient validation of user input. A successful exploit could allow an attacker to execute arbitrary SQL database commands.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-5095

Published : Aug. 8, 2025, 6:15 p.m.

Description : Burk Technology ARC Solo’s password change mechanism can be utilized without proper authentication procedures, allowing an attacker to take over the device. A password change request can be sent directly to the device’s HTTP endpoint without providing valid credentials. The system does not enforce proper authentication or session validation, allowing the password change to proceed without verifying the request’s legitimacy.

Severity: 9.8 | CRITICAL
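
Both the Packet Power entry (no authentication by default) and the ARC Solo entry above (a password change accepted without credentials or a session) come down to a dispatcher that does not require a session on every non-public route. The following is an added example of a deny-by-default dispatcher and is not code from either vendor; the route names, the single `admin` account, the bearer-token session and the minimum password length are assumptions for the demo.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set, Tuple

Response = Tuple[int, str]


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    form: Dict[str, str] = field(default_factory=dict)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DeviceWeb:
    """Every route requires a session unless it is explicitly listed as public.
    A password change additionally demands the current password and revokes
    every session, so a stolen token cannot be turned into a permanent lockout."""

    def __init__(self, admin_password: str) -> None:
        self.salt = secrets.token_bytes(16)
        self.admin_hash = hash_password(admin_password, self.salt)
        self.sessions: Dict[str, str] = {}  # token -> username
        self.public: Set[Tuple[str, str]] = {("POST", "/login")}
        self.routes: Dict[Tuple[str, str], Callable[[Request, Optional[str]], Response]] = {
            ("POST", "/login"): self.login,
            ("GET", "/api/monitor"): self.monitor,
            ("POST", "/api/password"): self.change_password,
        }

    # The one place that decides whether a session is required: deny by default.
    def handle(self, req: Request) -> Response:
        key = (req.method, req.path)
        user: Optional[str] = None
        if key not in self.public:
            auth = req.headers.get("Authorization", "")
            token = auth[len("Bearer "):] if auth.startswith("Bearer ") else ""
            user = self.sessions.get(token) if token else None
            if user is None:
                return 401, "authentication required"
        handler = self.routes.get(key)
        if handler is None:
            return 404, "not found"
        return handler(req, user)

    def _check_admin_password(self, password: str) -> bool:
        return hmac.compare_digest(hash_password(password, self.salt), self.admin_hash)

    def login(self, req: Request, _user: Optional[str]) -> Response:
        # Evaluate both checks so a bad username costs the same time as a bad password.
        ok_user = req.form.get("username") == "admin"
        ok_pass = self._check_admin_password(req.form.get("password", ""))
        if not (ok_user and ok_pass):
            return 401, "bad credentials"
        token = secrets.token_urlsafe(32)
        self.sessions[token] = "admin"
        return 200, token

    def monitor(self, req: Request, user: Optional[str]) -> Response:
        return 200, "voltage=230.1 current=4.2"  # constructed readings

    def change_password(self, req: Request, user: Optional[str]) -> Response:
        if not self._check_admin_password(req.form.get("current", "")):
            return 403, "current password required"
        new = req.form.get("new", "")
        if len(new) < 12:
            return 400, "new password too short"
        self.salt = secrets.token_bytes(16)
        self.admin_hash = hash_password(new, self.salt)
        self.sessions.clear()  # every session, including this one, must log in again
        return 200, "password changed"
```

The ARC Solo flaw maps onto `change_password` being reachable with `user is None`; the Packet Power flaw maps onto `public` containing every route. Adding a route to `routes` here gives it a session check for free, which is the property to look for when reviewing a device's web stack: the question is not whether a login page exists but whether any handler can run without one.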

CVE ID : CVE-2012-10043

Published : Aug. 8, 2025, 7:15 p.m.

Description : A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the “Import Users from File” functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set “ECMA-94 / Latin 1 (ISO 8859)”. Successful exploitation may result in arbitrary code execution, leading to full system compromise. User interaction is required to trigger the vulnerability.

Severity: 0.0 | NA

CVE ID : CVE-2012-10044

Published : Aug. 8, 2025, 7:15 p.m.

Description : MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This allows arbitrary file creation within the pages/ directory or any writable path on the server, resulting in remote code execution.

Severity: 0.0 | NA
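
The NuPoint entry (CVE-2025-52913, a read/delete path traversal) and the MobileCartly entry above (a caller-chosen filename passed to a write) share the same missing control: the client-supplied name is never confined to the directory it is supposed to address. The following is an added example of that confinement, not code from Mitel or MobileCartly; the `inbox/` and `pages/` layout and the fixture files are constructed for the demo.

```python
import os


class PathRejected(ValueError):
    """The requested name would resolve outside the allowed directory."""


def resolve_under(base: str, user_path: str) -> str:
    """Map a client-supplied relative name to an absolute path that is guaranteed
    to lie inside `base`, resolving '..' and symlinks before the check."""
    if "\x00" in user_path or os.path.isabs(user_path):
        raise PathRejected("absolute path or NUL byte: %r" % user_path)
    base_real = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(base_real, user_path))
    # commonpath, not startswith: startswith would accept /srv/store2/x for base /srv/store
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise PathRejected("escapes base directory: %r" % user_path)
    return candidate


def read_user_file(base: str, name: str) -> str:
    """Read side (the NuPoint shape: viewing a user's stored data)."""
    with open(resolve_under(base, name), "r", encoding="utf-8") as f:
        return f.read()


def save_page(base: str, name: str, content: str) -> str:
    """Write side (the MobileCartly shape: savepage with caller-chosen name and
    content). O_EXCL additionally refuses to overwrite anything that exists."""
    path = resolve_under(base, name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
    with os.fdopen(fd, "w", encoding="utf-8") as f:
        f.write(content)
    return path


def demo_tree(base: str) -> None:
    """Constructed fixture: a mailbox file plus a symlink pointing above base,
    the case a plain string check on the unresolved path would miss."""
    os.makedirs(os.path.join(base, "inbox"), exist_ok=True)
    os.makedirs(os.path.join(base, "pages"), exist_ok=True)
    with open(os.path.join(base, "inbox", "msg1.txt"), "w", encoding="utf-8") as f:
        f.write("voicemail transcript (constructed)")
    link = os.path.join(base, "inbox", "escape")
    if not os.path.lexists(link):
        os.symlink(os.path.dirname(os.path.realpath(base)), link)
```

Confinement is necessary but not sufficient for the MobileCartly case: the write endpoint also had no authentication, and the stored name still needs an extension policy so that a confined `pages/x.php` is not executable. Both of those are separate controls from the path check shown here.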

CVE ID : CVE-2012-10045

Published : Aug. 8, 2025, 7:15 p.m.

Description : XODA version 0.4.5 contains an unauthenticated file upload vulnerability that allows remote attackers to execute arbitrary PHP code on the server. The flaw resides in the upload functionality, which fails to properly validate or restrict uploaded file types. By crafting a multipart/form-data POST request, an attacker can upload a .php file directly into the web-accessible files/ directory and trigger its execution via a subsequent GET request.

Severity: 0.0 | NA

CVE ID : CVE-2012-10046

Published : Aug. 8, 2025, 7:15 p.m.

Description : The E-Mail Security Virtual Appliance (ESVA) (tested on version ESVA_2057) contains an unauthenticated command injection vulnerability in the learn-msg.cgi script. The CGI handler fails to sanitize user-supplied input passed via the id parameter, allowing attackers to inject arbitrary shell commands. Exploitation requires no authentication and results in full command execution on the underlying system.

Severity: 0.0 | NA

CVE ID : CVE-2012-10047

Published : Aug. 8, 2025, 7:15 p.m.

Description : Cyclope Employee Surveillance Solution version 6.x is vulnerable to a SQL injection flaw in its login mechanism. The username parameter in the auth-login POST request is not properly sanitized, allowing attackers to inject arbitrary SQL statements. This can be leveraged to write and execute a malicious PHP file on disk, resulting in remote code execution under the SYSTEM user context.

Severity: 0.0 | NA
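
The Cyclope entry above and the MiCollab Suite Applications Services entry (CVE-2025-52914) both describe SQL injection from insufficient validation of a user-supplied value. The following is an added example, not code from either product, showing the login-bypass shape on an in-memory SQLite database next to the parameterised form; the `users` table, its two rows and the plaintext `password` column (kept only so the vulnerable query has something to compare) are constructed for the demo.

```python
import hashlib
import hmac
import secrets
import sqlite3
from typing import List, Optional


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def setup_db() -> sqlite3.Connection:
    """Constructed fixture: a legacy table with plaintext passwords (what the
    vulnerable query compares) plus salt and hash columns used by the safe path."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, salt BLOB, pw_hash BLOB)")
    for user, pw in [("admin", "S3cret!"), ("alice", "hunter2")]:
        salt = secrets.token_bytes(16)
        conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)", (user, pw, salt, _hash(pw, salt)))
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> List[str]:
    """The flawed shape: user input spliced into the statement text. Returns every
    username the (attacker-rewritten) predicate matched."""
    sql = "SELECT username FROM users WHERE username = '%s' AND password = '%s'" % (username, password)
    return sorted(row[0] for row in conn.execute(sql))


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Parameterised lookup; the password never appears in the SQL at all and is
    checked in code against a salted hash."""
    row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?", (username,)).fetchone()
    if row is None:
        _hash(password, b"\x00" * 16)  # spend the same time for unknown users
        return None
    salt, stored = row
    return username if hmac.compare_digest(_hash(password, salt), stored) else None
```

With `admin' --` as the username the vulnerable predicate becomes `username = 'admin' --' AND password = ...`, so the password clause is commented away; with `x' OR 1=1 --` it matches every row. Against `login_safe` the same strings are just usernames that do not exist. The Cyclope write-to-disk primitive is a property of the database engine, not of the query, which is why the fix is the placeholder, not a blocklist of keywords.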

CVE ID : CVE-2012-10048

Published : Aug. 8, 2025, 7:15 p.m.

Description : Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitization, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.

Severity: 0.0 | NA
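
The Zenoss entry above and the ESVA learn-msg.cgi entry (CVE-2012-10046) are the same bug class: a request parameter reaches a command line that a shell parses. The following is an added example, not Zenoss's `ZenossInfo.py` or the ESVA CGI; `echo` stands in for the real tool, and the daemon-name allowlist pattern is an assumption.

```python
import re
import shlex
import subprocess

# Only names a daemon can legitimately have (assumed policy for the example).
DAEMON_NAME = re.compile(r"[a-z][a-z0-9_-]{0,31}")


def show_config_vulnerable(daemon: str) -> str:
    """The flawed shape from both entries: untrusted input interpolated into a
    command string that /bin/sh then parses, metacharacters included."""
    cmd = "echo config-for %s" % daemon
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def show_config_quoted(daemon: str) -> str:
    """If a shell is unavoidable: shlex.quote turns the input into one inert word."""
    cmd = "echo config-for %s" % shlex.quote(daemon)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def show_config_safe(daemon: str) -> str:
    """Preferred: validate against an allowlist and pass an argv list, so no shell
    ever sees the input and there is nothing for a ';' or '$(...)' to do."""
    if not DAEMON_NAME.fullmatch(daemon):
        raise ValueError("invalid daemon name: %r" % daemon)
    return subprocess.run(["echo", "config-for", daemon], capture_output=True, text=True).stdout
```

The allowlist is the part that survives contact with tools whose own option parsing is hostile: an argv list stops the shell from interpreting `; echo INJECTED`, but a value beginning with `-` could still be read as a flag by the program being invoked, which the pattern above rules out.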

CVE ID : CVE-2012-10049

Published : Aug. 8, 2025, 7:15 p.m.

Description : WebPageTest version 2.6 and earlier contains an arbitrary file upload vulnerability in the resultimage.php script. The application fails to validate or sanitize user-supplied input before saving uploaded files to a publicly accessible directory. This flaw allows remote attackers to upload and execute arbitrary PHP code, resulting in full remote code execution under the web server context.

Severity: 0.0 | NA

CVE ID : CVE-2012-10050

Published : Aug. 8, 2025, 7:15 p.m.

Description : CuteFlow version 2.11.2 and earlier contains an arbitrary file upload vulnerability in the restart_circulation_values_write.php script. The application fails to validate or restrict uploaded file types, allowing unauthenticated attackers to upload arbitrary PHP files to the upload/___1/ directory. These files are then accessible via the web server, enabling remote code execution.

Severity: 0.0 | NA

CVE ID : CVE-2012-10051

Published : Aug. 8, 2025, 7:15 p.m.

Description : Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.

Severity: 0.0 | NA

CVE ID : CVE-2012-10052

Published : Aug. 8, 2025, 7:15 p.m.

Description : EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context.

Severity: 0.0 | NA
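
The EGallery entry above, together with the XODA (CVE-2012-10045), WebPageTest (CVE-2012-10049) and CuteFlow (CVE-2012-10050) entries, describe one failure: the upload handler writes the client's bytes under the client's filename into a directory the web server executes from. The following is an added example of an upload handler that does none of those three things; it is not code from any of the four projects, and the image allowlist, the size cap and the storage layout are assumptions for the demo.

```python
import os
import secrets


class UploadRejected(ValueError):
    pass


# Type decided from leading bytes; (magic, extension we assign). Assumed allowlist.
ALLOWED_TYPES = (
    (b"\x89PNG\r\n\x1a\n", ".png"),
    (b"\xff\xd8\xff", ".jpg"),
    (b"GIF87a", ".gif"),
    (b"GIF89a", ".gif"),
)
MAX_BYTES = 5 * 1024 * 1024


def store_vulnerable(webroot: str, client_name: str, data: bytes) -> str:
    """The flawed shape shared by the four entries: whatever name and bytes the
    client sent, written straight into a web-served directory."""
    path = os.path.join(webroot, os.path.basename(client_name))
    with open(path, "wb") as f:
        f.write(data)
    return path


def store_upload(store_dir: str, client_name: str, data: bytes) -> str:
    """Decide the type from content, assign our own random name and extension,
    refuse to overwrite, and write into a directory the web server never executes
    from. `client_name` is deliberately unused except in the error message."""
    if len(data) > MAX_BYTES:
        raise UploadRejected("too large")
    for magic, ext in ALLOWED_TYPES:
        if data.startswith(magic):
            break
    else:
        raise UploadRejected("content is not an allowed image type (client called it %r)" % client_name)
    name = secrets.token_hex(16) + ext
    fd = os.open(os.path.join(store_dir, name), os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return name
```

The magic-byte check alone is not the control: a real PNG with PHP appended passes it. What stops execution is that the file is stored outside the document root under an extension the server treats as data, and is served back by a handler that sets `Content-Type` and `Content-Disposition` itself. Re-encoding images through a library before storage removes the appended payload as well.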

CVE ID : CVE-2012-10053

Published : Aug. 8, 2025, 7:15 p.m.

Description : Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. The vulnerability is triggered before authentication.

Severity: 0.0 | NA

CVE ID : CVE-2025-4796

Published : Aug. 8, 2025, 7:15 p.m.

Description : The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user’s identity or capability prior to updating their details, such as email, in the ‘EventinSpeakerApiSpeakerController::update_item’ function. This makes it possible for authenticated attackers with Contributor-level access or above to change arbitrary users’ email addresses, including administrators’, and leverage that to reset the user’s password and gain access to their account.

Severity: 8.8 | HIGH
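
The entry above is an authorization bug rather than an authentication one: the caller is logged in, but nothing ties the caller to the record being updated, and an email change feeds straight into password reset. The following is an added example of an update handler with the two checks the description says are missing (an object-level ownership/capability check and a confirmation step for email changes); it is not the plugin's code, and the `SpeakerApi` name, the two roles and the confirmation-token flow are assumptions for the demo.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


class Forbidden(Exception):
    pass


@dataclass
class User:
    id: int
    email: str
    role: str  # "contributor" or "administrator" (constructed roles)
    display_name: str = ""
    pending_email: Optional[str] = None


class SpeakerApi:
    """Two versions of an update endpoint. The vulnerable one only requires that
    the caller exists; the fixed one requires the caller to own the record (or be
    an administrator), allowlists fields, and stages email changes for confirmation."""

    def __init__(self, users) -> None:
        self.users: Dict[int, User] = {u.id: u for u in users}
        self.confirmations: Dict[str, int] = {}  # token -> user id awaiting confirmation

    def update_item_vulnerable(self, actor_id: int, target_id: int, fields: Dict[str, str]) -> User:
        self.users[actor_id]            # "authenticated": the actor is a real user...
        target = self.users[target_id]  # ...but nothing relates actor to target
        for key, value in fields.items():
            setattr(target, key, value)  # including email, and anything else named
        return target

    def update_item(self, actor_id: int, target_id: int, fields: Dict[str, str]) -> Tuple[User, Optional[str]]:
        actor = self.users[actor_id]
        target = self.users[target_id]
        if actor.id != target.id and actor.role != "administrator":
            raise Forbidden("cannot modify user %d" % target_id)
        unknown = set(fields) - {"display_name", "email"}
        if unknown:
            raise Forbidden("fields not updatable here: %s" % sorted(unknown))
        if "display_name" in fields:
            target.display_name = fields["display_name"]
        token = None
        if "email" in fields:
            # Stage only: the change takes effect when a link mailed to the *current*
            # address is followed, so a reset can never be redirected by this call.
            target.pending_email = fields["email"]
            token = secrets.token_urlsafe(16)
            self.confirmations[token] = target.id
        return target, token

    def confirm_email(self, token: str) -> bool:
        user_id = self.confirmations.pop(token, None)
        if user_id is None:
            return False
        user = self.users[user_id]
        user.email, user.pending_email = user.pending_email, None
        return True
```

The ownership check is what blocks the privilege escalation; the confirmation step is defence in depth, so that even a bug elsewhere that lets someone call `update_item` on another user's record cannot by itself move password resets to an attacker's mailbox.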

CVE ID : CVE-2025-8736

Published : Aug. 8, 2025, 7:15 p.m.

Description : A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to a buffer overflow. The attack requires local access. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-8735

Published : Aug. 8, 2025, 7:15 p.m.

Description : A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to a null pointer dereference. The attack requires local access. The exploit has been disclosed to the public and may be used.

Severity: 3.3 | LOW
