#vulnerability

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.8 ATTENTION: Exploitable remotely/Low attack complexity Vendor: LG Innotek Equipment: Camera Models LND7210 and LNV7210R Vulnerability: Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain administrative access to the device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following models of LG Innotek CCTV Cameras are affected: LG LND7210: All Versions LG LNV7210R: All Versions 3.2 VULNERABILITY OVERVIEW 3.2.1 Authentication Bypass Using an Alternate Path or Channel CWE-288 An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account information. CVE-2025-10538 has been assigned to this vulnerability. A CVSS v3.1 base score of 8.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 8.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: SBRD-Q/SBOC-Q/SBOI-Q Vulnerabilities: Incorrect Conversion between Numeric Types, Out-of-bounds Read, Reachable Assertion 2. RISK EVALUATION Successful exploitation of these vulnerabilities may allow the attacker to read arbitrary data or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Firmware installed on Festo Hardware SBOC-Q-R1B: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R1B-S1: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R1C: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R1C-S1: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R2B: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R2B-S1: All versions Festo Firmware installed on Festo Hardware SBOC-Q-R2C: All versions Festo Firmware ins...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Megasys Enterprises Equipment: Telenium Online Web Application Vulnerability: OS Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to inject arbitrary operating system commands through a crafted HTTP request, leading to remote code execution on the server in the security context of the web application service account. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following MegaSys Enerprises products are affected: Telenium Online Web Application: Versions 8.4.21 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN OS COMMAND ('OS COMMAND INJECTION') CWE-78 The Telenium Online Web Application is vulnerable due to a PHP endpoint accessible to unauthenticated network users that improperly handles user-supplied input. This vulnerability occurs due to the insecure termin...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: Controller CECC-S,-LK,-D Family Firmware Vulnerabilities: Exposure of Resource to Wrong Sphere, Untrusted Pointer Dereference, NULL Pointer Dereference, Files or Directories Accessible to External Parties, Out-of-bounds Write, Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Missing Release of Memory after Effective Lifetime, Improper Handling of Exceptional Conditions, Use of a Broken or Risky Cryptographic Algorithm, Weak Password Recovery Mechanism for Forgotten Password, Use of Password Hash With Insufficient Computational Effort, Improper Access Control, Allocation of Resources Without Limits or Throttling, Improper Input Validation, Buffer Over-read, Use of Insufficiently Random Values, Improper Limitation of a Pathname to a Restricted Directory ('Path ...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Festo Equipment: CPX-CEC-C1 and CPX-CMXX Vulnerability: Improper Privilege Management 2. RISK EVALUATION Successful exploitation of this vulnerability could allow unauthenticated, remote access to critical webpage functions which may cause a denial of service. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Festo reports that the following products are affected: Festo Firmware installed on Festo Hardware Control block CPX-CEC-C1: Versions 2.0.12 and prior Festo Firmware installed on Festo Hardware Control block CPX-CMXX: Versions 1.2.34 rev.404 and prior Festo Firmware installed on Festo Hardware Control block-SET CPX-CEC-C1: Versions 1.2.34 rev.404 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER PRIVILEGE MANAGEMENT CWE-269 Festo control block CPX-CEC-C1 and CPX-CMXX in multiple versions allow unauthenticated, remote access to critical webpage functions which may cause a denial of s...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: National Instruments Equipment: Circuit Design Suite Vulnerabilities: Type Confusion, Out-of-bounds Read 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to cause memory corruption, potentially leading to information disclosure and execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following National Instruments products are affected: Circuit Design Suite: Versions v14.3.1 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 ACCESS OF RESOURCE USING INCOMPATIBLE TYPE ('TYPE CONFUSION') CWE-843 The affected product is vulnerable to a memory corruption of a function table, which could allow an attacker to disclose information or execute arbitrary code. CVE-2025-6033 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also bee...

Apple has patched a serious vulnerability (CVE-2025-43400) in how devices handle fonts.

A newly patched security flaw impacting Broadcom VMware Tools and VMware Aria Operations has been exploited in the wild as a zero-day since mid-October 2024 by a threat actor called UNC5174, according to NVISO Labs. The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), a local privilege escalation bug affecting the following versions - VMware Cloud Foundation 4.x and 5.x VMware

The world of enterprise technology is undergoing a dramatic shift. Gen-AI adoption is accelerating at an unprecedented pace, and SaaS vendors are embedding powerful LLMs directly into their platforms. Organizations are embracing AI-powered applications across every function, from marketing and development to finance and HR. This transformation unlocks innovation and efficiency, but it also

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to