Total
51 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-46997 | 1 Passhunt Project | 1 Passhunt | 2025-04-21 | N/A | 9.8 CRITICAL |
| Passhunt commit 54eb987d30ead2b8ebbf1f0b880aa14249323867 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-46996 | 1 Vsphere Selfuse Project | 1 Vsphere Selfuse | 2025-04-21 | N/A | 9.8 CRITICAL |
| vSphere_selfuse commit 2a9fe074a64f6a0dd8ac02f21e2f10d66cac5749 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | |||||
| CVE-2022-1741 | 1 Dominionvoting | 2 Democracy Suite, Imagecast X | 2025-04-17 | 7.2 HIGH | 6.8 MEDIUM |
| The tested version of Dominion Voting Systems ImageCast X has a Terminal Emulator application which could be leveraged by an attacker to gain elevated privileges on a device and/or install malicious code. | |||||
| CVE-2025-32370 | 1 Kentico | 1 Xperience | 2025-04-08 | N/A | 7.2 HIGH |
| Kentico Xperience before 13.0.178 has a specific set of allowed ContentUploader file extensions for unauthenticated uploads; however, because .zip is processed through TryZipProviderSafe, there is additional functionality to create files with other extensions. NOTE: this is a separate issue not necessarily related to SVG or XSS. | |||||
| CVE-2023-22316 | 1 Pixela | 2 Pix-rt100, Pix-rt100 Firmware | 2025-04-04 | N/A | 6.5 MEDIUM |
| Hidden functionality vulnerability in PIX-RT100 versions RT100_TEQ_2.1.1_EQ101 and RT100_TEQ_2.1.2_EQ101 allows a network-adjacent attacker to access the product via undocumented Telnet or SSH services. | |||||
| CVE-2024-20439 | 1 Cisco | 1 Smart License Utility | 2025-04-03 | N/A | 9.8 CRITICAL |
| A vulnerability in Cisco Smart Licensing Utility (CSLU) could allow an unauthenticated, remote attacker to log into an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to login to the affected system. A successful exploit could allow the attacker to login to the affected system with administrative rights over the CSLU application API. | |||||
| CVE-2025-2894 | 2025-04-03 | N/A | 6.6 MEDIUM | ||
| The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service. | |||||
| CVE-2022-47767 | 1 Solar-log | 18 Solar-log 1000, Solar-log 1000 Firmware, Solar-log 1000 Pm\+ and 15 more | 2025-04-01 | N/A | 9.8 CRITICAL |
| A backdoor in Solar-Log Gateway products allows remote access via web panel gaining super administration privileges to the attacker. This affects Solar-Log devices that use firmware version v4.2.7 up to v5.1.1 (included). This does not exist in SL 200, 500, 1000 / fixed in 4.2.8 for SL 250, 300, 1200, 2000, SL 50 Gateway / fixed in 5.1.2 / 6.0.0 for SL Base. | |||||
| CVE-2023-24108 | 1 Zetacomponenets | 1 Mvctools | 2025-03-13 | N/A | 9.8 CRITICAL |
| MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code. | |||||
| CVE-2025-27840 | 1 Espressif | 2 Esp32, Esp32 Firmware | 2025-03-12 | N/A | 6.8 MEDIUM |
| Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). | |||||
| CVE-2021-36403 | 1 Moodle | 1 Moodle | 2025-03-07 | N/A | 5.3 MEDIUM |
| In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk. | |||||
| CVE-2025-0626 | 2025-03-01 | N/A | 7.5 HIGH | ||
| The "monitor" binary in the firmware of the affected product attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function also enables the network interface of the device if it is disabled. The function is triggered by attempting to update the device from the user menu. This could serve as a backdoor to the device, and could lead to a malicious actor being able to upload and overwrite files on the device. | |||||
| CVE-2025-1204 | 2025-02-25 | N/A | N/A | ||
| The "update" binary in the firmware of the affected product sends attempts to mount to a hard-coded, routable IP address, bypassing existing device network settings to do so. The function triggers if the 'C' button is pressed at a specific time during the boot process. If an attacker is able to control or impersonate this IP address, they could upload and overwrite files on the device. | |||||
| CVE-2021-25371 | 1 Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2025-02-14 | 7.2 HIGH | 6.1 MEDIUM |
| A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. | |||||
| CVE-2025-0675 | 2025-02-07 | N/A | 7.5 HIGH | ||
| Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. | |||||
| CVE-2024-39754 | 2025-01-14 | N/A | 10.0 CRITICAL | ||
| A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability. | |||||
| CVE-2024-28011 | 2025-01-14 | N/A | 9.8 CRITICAL | ||
| Hidden Functionality vulnerability in NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX(-MS), WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP, WG1800HP, WG1400HP, WR8175N, WR9300N, WR8750N, WR8160N, WR9500N, WR8600N, WR8370N, WR8170N, WR8700N, WR8300N, WR8150N, WR4100N, WR4500N, WR8100N, WR8500N, CR2500P, WR8400N, WR8200N, WR1200H, WR7870S, WR6670S, WR7850S, WR6650S, WR6600H, WR7800H, WM3400RN, WM3450RN, WM3500R, WM3600R, WM3800R, WR8166N, MR01LN MR02LN, WG1810HP(JE) and WG1810HP(MF) all versions allows a attacker to execute an arbitrary OS command with the root privilege via the internet | |||||
| CVE-2024-13062 | 2025-01-02 | N/A | 7.2 HIGH | ||
| An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | |||||
| CVE-2024-10773 | 2024-12-06 | N/A | 9.0 CRITICAL | ||
| The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. | |||||
| CVE-2024-5514 | 2024-11-25 | N/A | 9.8 CRITICAL | ||
| MinMax CMS from MinMax Digital Technology contains a hidden administrator account with a fixed password that cannot be removed or disabled from the management interface. Remote attackers who obtain this account can bypass IP access control restrictions and log in to the backend system without being recorded in the system logs. | |||||