Common Vulnerabilities and Exposures (CVEs)

CVE ID : CVE-2025-7094

Published : July 6, 2025, 9:15 p.m. | 7 hours, 44 minutes ago

Description : A vulnerability was found in Belkin F9K1122 1.00.33. It has been rated as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument submit-url-ok leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7096

Published : July 6, 2025, 10:15 p.m. | 6 hours, 44 minutes ago

Description : A vulnerability classified as critical was found in Comodo Internet Security Premium 12.3.4.8162. This vulnerability affects unknown code of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation leads to improper validation of integrity check value. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7097

Published : July 6, 2025, 11:15 p.m. | 5 hours, 44 minutes ago

Description : A vulnerability, which was classified as critical, has been found in Comodo Internet Security Premium 12.3.4.8162. This issue affects some unknown processing of the file cis_update_x64.xml of the component Manifest File Handler. The manipulation of the argument binary/params leads to os command injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53173

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Stack overflow risk when vector images are parsed during file preview
Impact: Successful exploitation of this vulnerability may affect the file preview function.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53174

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Stack overflow risk when vector images are parsed during file preview
Impact: Successful exploitation of this vulnerability may affect the file preview function.

Severity: 4.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53175

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Stack overflow risk when vector images are parsed during file preview
Impact: Successful exploitation of this vulnerability may affect the file preview function.

Severity: 4.0 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53176

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Stack overflow risk when vector images are parsed during file preview
Impact: Successful exploitation of this vulnerability may affect the file preview function.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53177

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Permission bypass vulnerability in the calendar storage module
Impact: Successful exploitation of this vulnerability may affect the schedule syncing function of watches.

Severity: 3.9 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53179

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53178

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Permission bypass vulnerability in the calendar storage module
Impact: Successful exploitation of this vulnerability may affect the schedule reminder function of head units.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53180

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53181

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53182

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53184

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53183

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Null pointer dereference vulnerability in the PDF preview module
Impact: Successful exploitation of this vulnerability may affect function stability.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53185

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Virtual address reuse issue in the memory management module, which can be exploited by non-privileged users to access released memory
Impact: Successful exploitation of this vulnerability may affect service integrity.

Severity: 6.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53186

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : Vulnerability that allows third-party call apps to send broadcasts without verification in the audio framework module
Impact: Successful exploitation of this vulnerability may affect availability.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7107

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLocalFile of the file apps/sim/app/api/files/parse/route.ts. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as b2450530d1ddd0397a11001a72aa0fde401db16a. It is recommended to apply a patch to fix this issue.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7108

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : A vulnerability classified as critical was found in risesoft-y9 Digital-Infrastructure up to 9.6.7. Affected by this vulnerability is the function deleteFile of the file /Digital-Infrastructure-9.6.7/y9-digitalbase-webapp/y9-module-filemanager/risenet-y9boot-webapp-filemanager/src/main/java/net/risesoft/y9public/controller/Y9FileController.java. The manipulation of the argument fullPath leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7109

Published : July 7, 2025, 3:15 a.m. | 3 hours, 7 minutes ago

Description : A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…