Aggregator

CVE-2025-8108 | Axis AXIS OS up to 12.7.32 ACAP Configuration File improper validation of specified type of input (EUVD-2025-74039 / WID-SEC-2025-2546)

Vuldb Updates
3 months ago
A vulnerability has been found in Axis AXIS OS up to 12.7.32 and classified as critical. Impacted is an unknown function of the component ACAP Configuration File Handler. This manipulation causes improper validation of specified type of input. This vulnerability is handled as CVE-2025-8108. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.
vuldb.com

The Limitations of Google Play Integrity API (ex SafetyNet)

Security Boulevard
3 months ago
Updated November 2025

This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. The imminent deprecation of Google SafetyNet Attestation API means this is a good time for a comprehensive evaluation of solutions in this space.

The post The Limitations of Google Play Integrity API (ex SafetyNet) appeared first on Security Boulevard.

George McGregor

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

Security Affairs
3 months ago
SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor, with the release of November 2025 notes. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is an insecure key […]
Pierluigi Paganini

CVE-2025-12944 | Netgear DGN2200v4 up to 1.0.0.126 input validation

Vuldb Updates
3 months ago
A vulnerability was found in Netgear DGN2200v4 up to 1.0.0.126. It has been rated as very critical. Affected is an unknown function. This manipulation causes improper input validation. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-12944. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2021-27129 | CASAP Automated Enrollment System 1.0 Students ROUTE cross site scripting (ID 161080)

Vuldb Updates
3 months ago
A vulnerability labeled as problematic has been found in CASAP Automated Enrollment System 1.0. Affected is an unknown function of the component Students Handler. The manipulation of the argument ROUTE results in cross site scripting. This vulnerability is identified as CVE-2021-27129. The attack can be executed remotely. There is not any exploit available.
vuldb.com

CVE-2025-12940 | NETGEAR WAX610/WAX610Y prior 10.8.11.4 Syslog Server log file

Vuldb Updates
3 months ago
A vulnerability labeled as problematic has been found in NETGEAR WAX610 and WAX610Y. This affects an unknown part of the component Syslog Server. Executing manipulation can lead to sensitive information in log files. The identification of this vulnerability is CVE-2025-12940. The attack can only be executed locally. There is no exploit available. The affected component should be upgraded.
vuldb.com

CVE-2022-43546 | Siemens POWER METER SICAM Q100 2.41 Web Interface EndTime input validation (ssa-570294 / WID-SEC-2023-1431)

Vuldb Updates
3 months ago
A vulnerability was found in Siemens POWER METER SICAM Q100 2.41. It has been rated as problematic. The affected element is an unknown function of the component Web Interface. Performing manipulation of the argument EndTime results in improper input validation. This vulnerability is reported as CVE-2022-43546. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is advised.
vuldb.com

Managed ad