Security Vulnerabilities
A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog.
CVSS Score
5.2
EPSS Score
0.0
Published
2025-07-08
A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-07-08
An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-08
An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-07-08
An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations until they got restarted by the watchdog.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-07-08
An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-07-08
A vulnerability was found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-07-08
The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. This is limited to just PHP files.
CVSS Score
8.8
EPSS Score
0.003
Published
2025-07-08
A vulnerability has been found in PHPGurukul/Campcodes Cyber Cafe Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-07-08