#vulnerability

Researchers found several security problems in Life360's Tile trackers, most of which could be solved with encryption.

Cybersecurity researchers have disclosed three now-patched security vulnerabilities impacting Google's Gemini artificial intelligence (AI) assistant that, if successfully exploited, could have exposed users to major privacy risks and data theft. "They made Gemini vulnerable to search-injection attacks on its Search Personalization Model; log-to-prompt injection attacks against Gemini Cloud

All versions of the package check-branches are vulnerable to Command Injection. check-branches is a command-line tool that is interacted with locally, or via CI, to confirm no conflicts exist in git branches. However, the library follows these conventions which can be abused: 1. It trusts branch names as they are (plain text) 2. It spawns git commands by concatenating user input Since a branch name is potentially a user input - as users can create branches remotely via pull requests, or simply due to privileged access to a repository - it can effectively be abused to run any command.

This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: Controller CECC-S,-LK,-D Family Firmware Vulnerabilities: Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties, Out-of-bounds Write, Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Release of Memory after Effective Lifetime, Improper Handling of Exceptional Conditions, Use of a Broken or Risky Cryptographic Algorithm, Weak Password Recovery Mechanism for Forgotten Password, Use of Password Hash With Insufficient Computational Effort, Improper Access Control, Allocation of Resources Without Limits or Throttling, Improper Input Validation, Buffer Over-read, Use of Insufficiently Random Values, Improper Limitation of a Pathname to a Restricted Directory ('Path ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.1 ATTENTION: Low attack complexity Vendor: OpenPLC_V3 Equipment: OpenPLC_V3 Vulnerability: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior 2. RISK EVALUATION Successful exploitation of this vulnerability could cause a denial of service, making the PLC runtime process crash. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of OpenPLC_V3 are affected: OpenPLC_V3: Versions prior to pull request #292 3.2 VULNERABILITY OVERVIEW 3.2.1 RELIANCE ON UNDEFINED, UNSPECIFIED, OR IMPLEMENTATION-DEFINED BEHAVIOR CWE-758 OpenPLC_V3 has a vulnerability in the enipThread function that occurs due to the lack of a return value. This leads to a crash when the server loop ends and execution hits an illegal ud2 instruction. This issue can be triggered remotely without authentication by starting the same server multiple times or if the server exits unexpectedly. The vulnerability allows an attacker to cause a Denial of Service (...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: LG Innotek Equipment: Camera Models LND7210 and LNV7210R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following models of LG Innotek CCTV Cameras are affected: LG LND7210: All Versions LG LNV7210R: All Versions 3.2 VULNERABILITY OVERVIEW 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account information. CVE-2025-10538 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Megasys Enterprises Equipment: Telenium Online Web Application Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MegaSys Enerprises products are affected: Telenium Online Web Application: Versions 8.4.21 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. This vulnerability occurs due to the insecure termin...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: Circuit Design Suite Vulnerabilities: Type Confusion, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, potentially leading to information disclosure and execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments products are affected: Circuit Design Suite: Versions v14.3.1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843 The affected product is vulnerable to a memory corruption of a function table, which could allow an attacker to disclose information or execute arbitrary code. CVE-2025-6033 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also bee...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: CPX-CEC-C1 and CPX-CMXX Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Firmware installed on Festo Hardware Control block CPX-CEC-C1: Versions 2.0.12 and prior Festo Firmware installed on Festo Hardware Control block CPX-CMXX: Versions 1.2.34 rev.404 and prior Festo Firmware installed on Festo Hardware Control block-SET CPX-CEC-C1: Versions 1.2.34 rev.404 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of s...