Security

CVE ID : CVE-2025-31267

Published : July 10, 2025, 11:15 p.m. | 2 hours, 30 minutes ago

Description : An authentication issue was addressed with improved state management. This issue is fixed in App Store Connect 3.0. An attacker with physical access to an unlocked device may be able to view sensitive user information.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7419

Published : July 10, 2025, 11:15 p.m. | 2 hours, 30 minutes ago

Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been classified as critical. This affects the function fromSpeedTestSet of the file /goform/setRateTest of the component httpd. The manipulation of the argument destIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-41442

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating certain input parameters, an attacker could execute
unauthorized scripts in the user’s browser, potentially leading to
information disclosure or other malicious activities.

Severity: 5.4 | MEDIUM

CVE ID : CVE-2025-46704

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView in
NetworkServlet.processImportRequest() that could allow for a directory
traversal attack. This issue requires an authenticated attacker with at
least user-level privileges. A specific parameter is not properly
sanitized or normalized, potentially allowing an attacker to determine
the existence of arbitrary files on the server.

Severity: 4.3 | MEDIUM

CVE ID : CVE-2025-46358

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : Emerson ValveLink products
do not use or incorrectly use a protection mechanism that provides
sufficient defense against directed attacks against the product.

Severity: 7.7 | HIGH

CVE ID : CVE-2025-48496

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : Emerson ValveLink products
use a fixed or controlled search path to find resources, but one or
more locations in that path can be under the control of unintended
actors.

Severity: 5.1 | MEDIUM

CVE ID : CVE-2025-48891

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView that could allow for SQL
injection through the CUtils.checkSQLInjection() function. This
vulnerability can be exploited by an authenticated attacker with at
least user-level privileges, potentially leading to information
disclosure or a denial-of-service condition.

Severity: 7.6 | HIGH

CVE ID : CVE-2025-52577

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability exists in Advantech iView that could allow SQL injection
and remote code execution through NetworkServlet.archiveTrapRange().
This issue requires an authenticated attacker with at least user-level
privileges. Certain input parameters are not properly sanitized,
allowing an attacker to perform SQL injection and potentially execute
code in the context of the ‘nt authority\local service’ account.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-50109

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : Emerson ValveLink Products store
sensitive information in cleartext within a resource that might be accessible to another control sphere.

Severity: 7.7 | HIGH

CVE ID : CVE-2025-52579

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : Emerson ValveLink Products store sensitive information in cleartext in memory. The
sensitive memory might be saved to disk, stored in a core dump, or
remain uncleared if the product crashes, or if the programmer does not
properly clear the memory before freeing it.

Severity: 9.4 | CRITICAL

CVE ID : CVE-2025-52459

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView that allows for argument
injection in NetworkServlet.backupDatabase(). This issue requires an
authenticated attacker with at least user-level privileges. Certain
parameters can be used directly in a command without proper
sanitization, allowing arbitrary arguments to be injected. This can
result in information disclosure, including sensitive database
credentials.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-53397

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By exploiting this flaw, an attacker could execute unauthorized scripts
in the user’s browser, potentially leading to information disclosure or
other malicious activities.

Severity: 5.4 | MEDIUM

CVE ID : CVE-2025-53471

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : Emerson ValveLink products
receive input or data, but do not validate or incorrectly
validate that the input has the properties that are required to process
the data safely and correctly.

Severity: 5.1 | MEDIUM

CVE ID : CVE-2025-53475

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability exists in Advantech iView that could allow for SQL
injection and remote code execution through
NetworkServlet.getNextTrapPage(). This issue requires an authenticated
attacker with at least user-level privileges. Certain parameters in this
function are not properly sanitized, allowing an attacker to perform
SQL injection and potentially execute code in the context of the
‘nt authority\local service’ account.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-53519

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView versions prior to 5.7.05 build
7057, which could allow a reflected cross-site scripting (XSS) attack.
By manipulating specific parameters, an attacker could execute
unauthorized scripts in the user’s browser, potentially leading to
information disclosure or other malicious activities.

Severity: 5.4 | MEDIUM

CVE ID : CVE-2025-53515

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability exists in Advantech iView that allows for SQL injection
and remote code execution through NetworkServlet.archiveTrap(). This
issue requires an authenticated attacker with at least user-level
privileges. Certain input parameters are not sanitized, allowing an
attacker to perform SQL injection and potentially execute code in the
context of the ‘nt authority\local service’ account.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-53509

Published : July 11, 2025, 12:15 a.m. | 1 hour, 30 minutes ago

Description : A vulnerability exists in Advantech iView that allows for argument
injection in the NetworkServlet.restoreDatabase(). This issue requires
an authenticated attacker with at least user-level privileges. An input
parameter can be used directly in a command without proper sanitization,
allowing arbitrary arguments to be injected. This can result in
information disclosure, including sensitive database credentials.

Severity: 6.5 | MEDIUM

CVE ID : CVE-2025-7420

Published : July 11, 2025, 12:15 a.m. | 2 hours, 44 minutes ago

Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been declared as critical. This vulnerability affects the function formWifiBasicSet of the file /goform/setWrlBasicInfo of the component httpd. The manipulation of the argument extChannel leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

CVE ID : CVE-2025-5241

Published : July 11, 2025, 1:15 a.m. | 30 minutes ago

Description : Overly Restrictive Account Lockout Mechanism vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series allows a remote unauthenticated attacker to lock out legitimate users for a certain period by repeatedly attempting to log in with incorrect passwords. The legitimate users will be unable to log in until a certain period has passed after the lockout or until the product is reset.

Severity: 5.3 | MEDIUM

CVE ID : CVE-2025-7421

Published : July 11, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : A vulnerability was found in Tenda O3V2 1.0.0.12(3880). It has been rated as critical. This issue affects the function fromMacFilterModify of the file /goform/operateMacFilter of the component httpd. The manipulation of the argument mac leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH
