Security Vulnerabilities
A security vulnerability has been detected in AfterShip Package Tracker App up to 5.24.1 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.aftership.AfterShip. The manipulation leads to improper export of android application components. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure and replied: "After reviewing your report, we have confirmed that this vulnerability does indeed exist and we are actively working to fix it."
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-19
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.
CVSS Score
7.5
EPSS Score
0.007
Published
2025-08-18
The Sante PACS Server Web Portal sends credential information without encryption.
CVSS Score
7.4
EPSS Score
0.0
Published
2025-08-18
Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-08-18
Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-18
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-08-18
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.
CVSS Score
6.5
EPSS Score
0.122
Published
2025-08-18
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.
CVSS Score
6.5
EPSS Score
0.122
Published
2025-08-18
TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
CVSS Score
9.8
EPSS Score
0.063
Published
2025-08-18
TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain insecure credentials for the telnet service and root account.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-08-18