Security Vulnerabilities
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26253.
CVSS Score
6.8
EPSS Score
0.001
Published
2025-08-06
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the firmware update process. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26254.
CVSS Score
6.8
EPSS Score
0.001
Published
2025-08-06
Out-of-bounds array access vulnerability in the ArkUI framework.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-08-06
Out-of-bounds access vulnerability in the audio codec module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-06
EXTRA_REFERRER resource read vulnerability in the Gallery module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-08-06
Input verification vulnerability in the home screen module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-08-06
Vulnerability of insufficient information protection in the media library module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score
6.2
EPSS Score
0.0
Published
2025-08-06
Out-of-bounds access vulnerability in the audio codec module.
Impact: Successful exploitation of this vulnerability may affect availability.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-06
Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS Score
10.0
EPSS Score
0.011
Published
2025-08-05
Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-08-05