Total: 313252 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-40985 | 1 Linux | 1 Linux Kernel | 2025-10-06 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: net/tcp_ao: Don't leak ao_info on error-path It seems I introduced it together with TCP_AO_CMDF_AO_REQUIRED, on version 5 [1] of TCP-AO patches. Quite frustrative that having all these selftests that I've written, running kmemtest & kcov was always in todo. [1]: https://lore.kernel.org/netdev/20230215183335.800122-5-dima@arista.com/ | |||||
CVE-2025-60969 | | | 2025-10-06 | N/A | 5.7 MEDIUM |
Directory Traversal vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0076-000 Ver 4.00 allows attackers to gain sensitive information. | |||||
CVE-2025-60963 | | | 2025-10-06 | N/A | 8.2 HIGH |
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. | |||||
CVE-2025-60962 | | | 2025-10-06 | N/A | 8.2 HIGH |
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. | |||||
CVE-2025-60961 | | | 2025-10-06 | N/A | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information, and possibly other unspecified impacts. | |||||
CVE-2025-60960 | | | 2025-10-06 | N/A | 8.2 HIGH |
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. | |||||
CVE-2025-60959 | | | 2025-10-06 | N/A | 8.2 HIGH |
OS Command Injection vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to gain sensitive information. | |||||
CVE-2025-60956 | | | 2025-10-06 | N/A | 8.0 HIGH |
Cross Site Request Forgery (CSRF) vulnerability in EndRun Technologies Sonoma D12 Network Time Server (GPS) F/W 6010-0071-000 Ver 4.00 allows attackers to execute arbitrary code, cause a denial of service, gain escalated privileges, and gain sensitive information. | |||||
CVE-2025-59452 | | | 2025-10-06 | N/A | 5.8 MEDIUM |
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50. | |||||
CVE-2025-59451 | | | 2025-10-06 | N/A | 3.5 LOW |
The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes. | |||||
CVE-2025-59450 | | | 2025-10-06 | N/A | 4.3 MEDIUM |
The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials. | |||||
CVE-2025-59449 | | | 2025-10-06 | N/A | 4.9 MEDIUM |
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacker can exploit this to gain full control over any other YoLink user's devices. | |||||
CVE-2025-59448 | | | 2025-10-06 | N/A | 4.7 MEDIUM |
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker. | |||||
CVE-2025-59447 | | | 2025-10-06 | N/A | 2.2 LOW |
The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials. | |||||
CVE-2025-57515 | | | 2025-10-06 | N/A | 9.8 CRITICAL |
A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses. | |||||
CVE-2025-56382 | | | 2025-10-06 | N/A | 6.1 MEDIUM |
A stored Cross-site scripting (XSS) vulnerability exists in the Customer Management Module of LionCoders SalePro POS 5.4.8. An authenticated attacker can inject arbitrary web script or HTML via the 'Customer Name' parameter when creating or editing customer profiles. This malicious input is improperly sanitized before storage and subsequent rendering, leading to script execution in the browsers of users who view the affected customer details. | |||||
CVE-2025-11346 | | | 2025-10-06 | 6.5 MEDIUM | 6.3 MEDIUM |
A vulnerability has been found in ILIAS up to 8.23/9.13/10.1. This affects the function unserialize of the component Base64 Decoding Handler. Such manipulation of the argument f_settings leads to deserialization. It is possible to launch the attack remotely. Upgrading to version 8.24, 9.14 and 10.2 is able to mitigate this issue. It is advisable to upgrade the affected component. | |||||
CVE-2025-8759 | 1 Trendnet | 2 Tn-200, Tn-200 Firmware | 2025-10-06 | 2.6 LOW | 3.7 LOW |
A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownload.secret with the input neV3rUseMe leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
CVE-2024-45544 | 1 Qualcomm | 88 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 85 more | 2025-10-06 | N/A | 6.6 MEDIUM |
Memory corruption while processing IOCTL calls to add route entry in the HW. | |||||
CVE-2024-45543 | 1 Qualcomm | 130 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6200 and 127 more | 2025-10-06 | N/A | 6.6 MEDIUM |
Memory corruption while accessing MSM channel map and mixer functions. |