Security Vulnerabilities - CVEs Published In June 2025
Flock Safety LPR (License Plate Reader) devices with firmware through 2.2 have cleartext storage of code.
CVSS Score
2.0
EPSS Score
0.0
Published
2025-06-27
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. Affected by this issue is the function H5O__mtime_new_encode of the file src/H5Omtime.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
CVSS Score
4.8
EPSS Score
0.001
Published
2025-06-27
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
CVSS Score
2.2
EPSS Score
0.0
Published
2025-06-27
Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
CVSS Score
6.4
EPSS Score
0.0
Published
2025-06-27
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
CVSS Score
2.0
EPSS Score
0.0
Published
2025-06-27
A vulnerability classified as critical was found in juzaweb CMS 3.4.2. Affected by this vulnerability is an unknown functionality of the file /admin-cp/theme/install of the component Add New Themes Page. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-06-27
A vulnerability classified as critical has been found in juzaweb CMS 3.4.2. Affected is an unknown function of the file /admin-cp/imports of the component Import Page. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-06-27
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been declared as critical. This vulnerability affects the function sub_416928 of the file /goform/formConfigDnsFilterGlobal of the component API. The manipulation of the argument GroupName leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.4
EPSS Score
0.005
Published
2025-06-26
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. This issue affects the function sub_484E40 of the file /goform/formP2PLimitConfig of the component API. The manipulation of the argument except leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.4
EPSS Score
0.005
Published
2025-06-26
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.4
EPSS Score
0.005
Published
2025-06-26