Medium · CVSS 4.2
SpaceX Starlink Dish devices with firmware 2024.12.04.mr46620 (e.g., on Mini1_prod2) allow administrative actions via unauthenticated LAN gRPC requests, aka MARMALADE 2. The cross-origin policy can be bypassed by omitting a Referer header. In some cases, an attacker's ability to read tilt, rotation, and elevation data via gRPC can make it easier to infer the geographical location of the dish. NOTE: this is disputed by the Supplier because unauthenticated LAN gRPC is intended behavior for certain mobile app integration, and because the cross-origin policy is correctly enforced for gRPC-Web (port 9201), i.e., it is not a valid vulnerability report.
Published Dec 11, 2025 · Updated Jul 9, 2026
Critical · CVSS 10
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself. The Supplier also states that PDF JavaScript runs in a completely isolated sandbox, not the browser's DOM context, which means that privilege boundaries would not be crossed, a related issue to CVE-2023-49279.
Published Dec 22, 2025 · Updated Jul 8, 2026
High · CVSS 7.5
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.
Published Dec 22, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.6
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
Published Dec 22, 2025 · Updated Jul 5, 2026
Critical · CVSS 10
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
Published Dec 23, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published Dec 23, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
Published Dec 22, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During parsing, parseFAR() calls ip2int(), which performs an out-of-bounds read on the IPv4 address buffer and triggers an index-out-of-range panic. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
Published Dec 18, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.5
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.
Published Dec 16, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.1
When using the attachment interaction functionality, Canary Mail 5.1.40 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
Published Dec 16, 2025 · Updated Jul 5, 2026
Medium · CVSS 4.3
A lack of file name validation or verification in the Attachment service of usememos memos v0.25.2 allows attackers to execute a path traversal.
Published Dec 8, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.4
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users.
Published Dec 8, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.5
Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service (DoS).
Published Dec 8, 2025 · Updated Jul 5, 2026
Medium · CVSS 4.3
Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily delete reactions made to other users' Memos.
Published Dec 8, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request.
Published Dec 8, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.
Published Dec 12, 2025 · Updated Jul 5, 2026
High · CVSS 7.2
Authenticated append-style command-injection Ruijie APs (AP_RGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the web_action.do endpoint.
Published Dec 8, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.2
Aquarius Desktop 3.0.069 for macOS stores user authentication credentials in the local file ~/Library/Application Support/Aquarius/aquarius.settings using a weak obfuscation scheme. The password is "encrypted" through predictable byte-substitution that can be trivially reversed, allowing immediate recovery of the plaintext value. Any attacker who can read this settings file can fully compromise the victim's Aquarius account by importing the stolen configuration into their own client or login through the vendor website. This results in complete account takeover, unauthorized access to cloud-synchronized data, and the ability to perform authenticated actions as the user.
Published Dec 3, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.5
An issue in HCL Technologies Limited HCLTech GRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via APIs do not enforcing limits on the number or size of requests
Published Dec 3, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.5
Cross Site Scripting vulnerability in HCL Technologies Limited HCLTech DRAGON before v.7.6.0 allows a remote attacker to execute arbitrary code via missing directives
Published Dec 3, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
A stored cross-site scripting (XSS) vulnerability in the PwdGrp.cgi endpoint of AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the username field.
Published Dec 3, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
Published Dec 3, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.5
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
Published Dec 3, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
Published Dec 3, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the Machine.cgi endpoint. This vulnerability allows attackers to execute arbitrary commands via a crafted input.
Published Dec 3, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.
Published Dec 4, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
ALLNET ALL-RUT22GW v3.3.8 was discovered to store hardcoded credentials in the libicos.so library.
Published Dec 4, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
Default credentials in Dify thru 1.5.1. PostgreSQL username and password specified in the docker-compose.yaml file included in its source code. NOTE: the Supplier reports that the Docker configuration does not make PostgreSQL (on TCP port 5432) exposed by default in version 1.0.1 or later.
Published Dec 18, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using these default credentials, resulting in full administrative control of the application.
Published Dec 22, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field.
Published Dec 22, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
Published Dec 22, 2025 · Updated Jul 5, 2026
Critical · CVSS 10
Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
Published Dec 23, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.5
An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via the Logout option in the index.html
Published Dec 15, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
JD Cloud NAS routers AX1800 (4.3.1.r4308 and earlier), AX3000 (4.3.1.r4318 and earlier), AX6600 (4.5.1.r4533 and earlier), BE6500 (4.4.1.r4308 and earlier), ER1 (4.5.1.r4518 and earlier), and ER2 (4.5.1.r4518 and earlier) contain an unauthorized remote command execution vulnerability.
Published Dec 30, 2025 · Updated Jul 5, 2026
High · CVSS 7.1
TrueConf Client 8.5.2 is vulnerable to DLL hijacking via crafted wfapi.dll allowing local attackers to execute arbitrary code within the user's context.
Published Dec 30, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.
Published Dec 26, 2025 · Updated Jul 5, 2026
Medium · CVSS 4.3
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.
Published Dec 26, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.1
When using the attachment interaction functionality, Blue Mail 1.140.103 and below saves documents to a file system without a Mark-of-the-Web tag, which allows attackers to bypass the built-in file protection mechanisms of both Windows OS and third-party software.
Published Dec 16, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
An issue was discovered in openmptcprouter thru 0.64 in file common/package/utils/sys-upgrade-helper/src/tools/sysupgrade.c in function create_xor_ipad_opad allowing attackers to potentially write arbitrary files or execute arbitrary commands.
Published Dec 9, 2025 · Updated Jul 5, 2026
Critical · CVSS 9.8
Insecure permissions in the scheduled tasks feature of MineAdmin v3.x allows attackers to execute arbitrary commands and execute a full account takeover.
Published Dec 12, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.5
An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in a Denial of Service. These commands include: shutdown, restart, clear config. Clear config would disassociate the current device from its user and would require re-configuration to re-enable the device. As a result, the end user would be unable to receive updates from the Meatmeet base station which communicates with the cloud services until the device had been fixed or turned back on.
Published Dec 10, 2025 · Updated Jul 5, 2026
High · CVSS 8.4
An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.
Published Dec 10, 2025 · Updated Jul 5, 2026
High · CVSS 8.1
OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users.
Published Dec 9, 2025 · Updated Jul 5, 2026
High · CVSS 7.5
An issue in the Bluetooth firmware of JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted Link Manager Protocol (LMP) packet.
Published Dec 10, 2025 · Updated Jul 5, 2026
Medium · CVSS 6.1
Cross-site scripting (XSS) vulnerability in Request IP form in phpIPAM v1.7.3 allows remote attackers to inject arbitrary web script or HTML via the instructions parameter for the /app/admin/instructions/edit-result.php endpoint.
Published Dec 9, 2025 · Updated Jul 5, 2026
High · CVSS 8.8
LeptonCMS version 7.3.0 contains an arbitrary file upload vulnerability, which is caused by the lack of proper validation for uploaded files. An authenticated attacker can exploit this vulnerability by uploading a specially crafted ZIP/PHP file to execute arbitrary code.
Published Dec 9, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.4
Snipe-IT before 8.3.4 allows stored XSS via the Locations "Country" field, enabling a low-privileged authenticated user to inject JavaScript that executes in another user's session.
Published Dec 1, 2025 · Updated Jul 5, 2026
Medium · CVSS 5.4
Snipe-IT before 8.3.4 allows stored XSS, allowing a low-privileged authenticated user to inject JavaScript that executes in an administrator's session, enabling privilege escalation.
Published Dec 1, 2025 · Updated Jul 5, 2026
High · CVSS 8.3
Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts.
Published Dec 5, 2025 · Updated Jul 5, 2026
Medium · CVSS 4.3
File upload vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store arbitrary files on the filesystem.
Published Dec 5, 2025 · Updated Jul 5, 2026