| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| CWE-494: Download of Code Without Integrity Check vulnerability exists that could render the device
inoperable when malicious firmware is downloaded. |
| An authenticated user without user-management permissions could identify other user accounts. |
| The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks (e.g. digital signature checks) on the supplied firmware update files. Furthermore, ESP32 security features such as secure boot are not used. |
| The affected products could allow an unauthenticated attacker to access system information that could enable further access to sensitive files and obtain administrative credentials. |
| iSTAR Ultra performs a firmware verification on boot, however the verification does not inspect certain portions of the firmware. These firmware parts may contain malicious code. Tested up to firmware 6.9.2, later firmwares are also possibly affected. |
| A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available.
Affected are older Screen versions, as well as version 5.0.0. |
| The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive debug information. The data is permanently broadcasted on the TCP socket. The socket can be accessed without any authentication or encryption.
The transmitted data is based on the set verbosity level. The verbosity level can be set using the http(s) endpoint with the service interface password or with the guessable identifier of the device via the SOAP interface.
The transmitted data contains sensitive data like the Card ID as well as all button presses on Registration units. This allows an attacker with network level access to retrieve all entered PINs on a registration unit. |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in weDevs WP ERP erp allows Retrieve Embedded Sensitive Data.This issue affects WP ERP: from n/a through <= 1.16.6. |
| The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings. |
| SmarterTrack 7922 contains an information disclosure vulnerability in the Chat Management search form that reveals agent identification details. Attackers can access the vulnerable /Management/Chat/frmChatSearch.aspx endpoint to retrieve agents' first and last names along with their unique identifiers. |
| Akeo Consulting Rufus prior to version 2.17.1187 does not adequately validate the integrity of updates downloaded over HTTP, allowing an attacker to easily convince a user to execute arbitrary code |
| IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user. |
| TrueConf Client downloads application update code and applies it without performing verification. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the payload is executed or installed by the updater, this may result in arbitrary code execution in the context of the updating process or user. |
| An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card. |
| An authorization issue was addressed with improved state management. This issue is fixed in Safari 26.4, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, visionOS 26.4, watchOS 26.4. A maliciously crafted webpage may be able to fingerprint the user. |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in wpweb Follow My Blog Post follow-my-blog-post allows Retrieve Embedded Sensitive Data.This issue affects Follow My Blog Post: from n/a through <= 2.3.9. |
| Download of Code Without Integrity Check vulnerability in Microchip Time Provider 4100 allows Malicious Manual Software Update.This issue affects Time Provider 4100: before 2.5. |
| Exposure of Sensitive System Information to an Unauthorized Actor vulnerability in Microcom ZeusWeb allows Web Application Fingerprinting of sensitive data. This issue affects ZeusWeb: 6.1.31. |
| FastGPT is an AI Agent building platform. In versions 4.14.8.3 and below, the fastgpt-preview-image.yml workflow is vulnerable to arbitrary code execution and secret exfiltration by any external contributor. It uses pull_request_target (which runs with access to repository secrets) but checks out code from the pull request author's fork, then builds and pushes Docker images using attacker-controlled Dockerfiles. This also enables a supply chain attack via the production container registry. A patch was not available at the time of publication. |
| Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load() due to improper logic in the repository trust verification mechanism. While the function is designed to warn users when loading models from non-official sources, the use of the silent=True parameter completely suppresses all security warnings and confirmation prompts. This vulnerability transforms a standard model-loading function into a vector for Zero-Interaction Supply-Chain Attacks. When chained with file-system vulnerabilities, an attacker can silently exfiltrate sensitive files (SSH keys, cloud credentials) from the victim's machine the moment the model is loaded. As of time of publication, no known patched versions are available. |
