CVE-2025-27590
CVE-2025-27585
CVE-2025-27584
CVE-2025-27583
CVE-2025-27579
CVE-2025-25953
CVE-2025-25952
CVE-2025-25951
CVE-2025-25950
CVE-2025-25949
CVE-2025-25948
CVE-2025-25280
CVE-2025-24846
CVE-2025-24654
CVE-2025-21424
CVE-2025-20653
CVE-2025-20652
CVE-2025-20651
CVE-2025-20650
CVE-2025-20649
In oxidized-web (aka Oxidized Web) before 0.15.0, the RANCID migration page allows an unauthenticated user to gain control over the Linux user account that is running oxidized-web.
Maximum CVSS Score : 9.0
Exploit Availability: Not available
CVE-2025-27585
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Print Name parameter at /rest/staffResource/update.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-27584
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name parameter at /rest/staffResource/update.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-27583
Incorrect access control in the component /rest/staffResource/findAllUsersAcrossOrg of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-27579
In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.
Maximum CVSS Score : 5.4
Exploit Availability: Not available
CVE-2025-25953
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25952
An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information via a crafted API request.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25951
An information disclosure vulnerability in the component /rest/cb/executeBasicSearch of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to access sensitive user information.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25950
Incorrect access control in the component /rest/staffResource/update of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25949
A stored cross-site scripting (XSS) vulnerability in Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the User ID parameter at /rest/staffResource/update.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25948
Incorrect access control in the component /rest/staffResource/create of Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 allows create and modify user accounts, including an Administrator account.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-25280
Buffer overflow vulnerability exists in FutureNet AS series (Industrial Routers) and FA series (Protocol Conversion Machine) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may reboot the device by sending a specially crafted request.
Maximum CVSS Score : 5.3
Exploit Availability: Not available
CVE-2025-24846
Authentication bypass vulnerability exists in FutureNet AS series (Industrial Routers) provided by Century Systems Co., Ltd. If this vulnerability is exploited, a remote unauthenticated attacker may obtain the device information such as MAC address by sending a specially crafted request.
Maximum CVSS Score : 7.5
Exploit Availability: Not available
CVE-2025-24654
Missing Authorization vulnerability in SEO Squirrly SEO Plugin by Squirrly SEO.This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.4.05.
Maximum CVSS Score : 7.1
Exploit Availability: Not available
CVE-2025-21424
Memory corruption while calling the NPU driver APIs concurrently.
Maximum CVSS Score : 7.8
Exploit Availability: Not available
CVE-2025-20653
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue ID: MSV-2046.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-20652
In V5 DA, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291215; Issue ID: MSV-2052.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-20651
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2062.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-20650
In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291294; Issue ID: MSV-2061.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
CVE-2025-20649
In Bluetooth Stack SW, there is a possible information disclosure due to a missing permission check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00396437; Issue ID: MSV-2184.
Maximum CVSS Score : 0.0
Exploit Availability: Not available
![[Image: e72398fe92beda2aa80d0329e8b9f4febece7568.gif]](https://64.media.tumblr.com/834502d05f9b014cbc37366fe428a5a7/13cb9841c0799d7a-ff/s500x560/e72398fe92beda2aa80d0329e8b9f4febece7568.gif)
