Security Vulnerabilities
An issue was discovered in Unicom Focal Point 7.6.1. The database is encrypted with a hardcoded key, making it easier to recover the cleartext data.
CVSS Score
4.6
EPSS Score
0.0
Published
2025-06-03
A vulnerability classified as problematic was found in Open5GS up to 2.7.3. Affected by this vulnerability is the function ngap_handle_path_switch_request_transfer of the file src/smf/ngap-handler.c of the component NGAP PathSwitchRequest Message Handler. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named 2daa44adab762c47a8cef69cc984946973a845b3. It is recommended to apply a patch to fix this issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-06-03
A vulnerability, which was classified as critical, has been found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this issue is the function formMapReboot of the file /boafrm/formMapReboot. The manipulation of the argument deviceMacAddr leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
6.3
EPSS Score
0.016
Published
2025-06-03
Foxcms v1.25 has a SQL time injection in the $_POST['dbname'] parameter of installdb.php.
CVSS Score
8.4
EPSS Score
0.0
Published
2025-06-03
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been declared as critical. This vulnerability affects unknown code of the file include/inc_module/mod_feedimport/inc/processing.inc.php of the component Feedimport Module. The manipulation of the argument cnt_text leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9.46 and 1.10.9 is able to address this issue. It is recommended to upgrade the affected component.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-06-03
CVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Known exploited
CVSS Score
8.6
EPSS Score
0.028
Published
2025-06-03
CVE-2025-27038
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
Known exploited
CVSS Score
7.5
EPSS Score
0.028
Published
2025-06-03
In engineermode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed.
CVSS Score
5.9
EPSS Score
0.0
Published
2025-06-03
In cplog service, there is a possible system crash due to null pointer dereference. This could lead to local denial of service with no additional execution privileges needed.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-06-03
In cplog service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-06-03