Aggregator

CVE-2021-47294 | Linux Kernel up to 5.13.5 netrom mod_timer operation after expiration (Nessus ID 274749)

Vuldb Updates
3 months ago
A vulnerability, which was classified as problematic, was found in Linux Kernel up to 5.13.5. Affected by this vulnerability is the function mod_timer of the component netrom. The manipulation results in operation on a resource after expiration. This vulnerability is identified as CVE-2021-47294. The attack can only be performed from the local network. There is not any exploit available. You should upgrade the affected component.
vuldb.com

CVE-2025-9055 | Axis AXIS OS up to 12.7.30 VAPIX Edge Storage API unnecessary privileges (EUVD-2025-74036 / WID-SEC-2025-2546)

Vuldb Updates
3 months ago
A vulnerability described as critical has been identified in Axis AXIS OS up to 12.7.30. Affected by this vulnerability is an unknown functionality of the component VAPIX Edge Storage API. Such manipulation leads to execution with unnecessary privileges. This vulnerability is documented as CVE-2025-9055. The attack needs to be performed locally. There is not any exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2025-9524 | Axis AXIS OS prior 12.7.11 VAPIX API port.cgi improper validation of specified type of input (EUVD-2025-74035 / WID-SEC-2025-2546)

Vuldb Updates
3 months ago
A vulnerability, which was classified as problematic, has been found in Axis AXIS OS up to 8.40.88/9.80.122/10.12.304/11.11.176/12.7.10. This vulnerability affects unknown code of the file port.cgi of the component VAPIX API. The manipulation leads to improper validation of specified type of input. This vulnerability is traded as CVE-2025-9524. It is possible to initiate the attack remotely. There is no exploit available. It is advisable to upgrade the affected component.
vuldb.com

CVE-2025-8998 | Axis OS prior 12.7.27 Temporary Directory file inclusion (EUVD-2025-74037 / WID-SEC-2025-2546)

Vuldb Updates
3 months ago
A vulnerability classified as problematic was found in Axis OS up to 8.40.89/9.80.123/10.12.305/11.11.177/12.7.26. This affects an unknown part of the component Temporary Directory Handler. Executing manipulation can lead to file inclusion. This vulnerability appears as CVE-2025-8998. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.
vuldb.com

CVE-2025-6779 | Axis AXIS OS up to 12.6.39 ACAP Configuration File permission assignment (EUVD-2025-74040 / WID-SEC-2025-2546)

Vuldb Updates
3 months ago
A vulnerability, which was classified as critical, was found in Axis AXIS OS up to 12.6.39. This issue affects some unknown processing of the component ACAP Configuration File Handler. The manipulation results in incorrect permission assignment. This vulnerability is known as CVE-2025-6779. Attacking locally is a requirement. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2025-8108 | Axis AXIS OS up to 12.7.32 ACAP Configuration File improper validation of specified type of input (EUVD-2025-74039 / WID-SEC-2025-2546)

Vuldb Updates
3 months ago
A vulnerability has been found in Axis AXIS OS up to 12.7.32 and classified as critical. Impacted is an unknown function of the component ACAP Configuration File Handler. This manipulation causes improper validation of specified type of input. This vulnerability is handled as CVE-2025-8108. It is possible to launch the attack on the local host. There is not any exploit available. The affected component should be upgraded.
vuldb.com

The Limitations of Google Play Integrity API (ex SafetyNet)

Security Boulevard
3 months ago
Updated November 2025

This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. The imminent deprecation of Google SafetyNet Attestation API means this is a good time for a comprehensive evaluation of solutions in this space.

The post The Limitations of Google Play Integrity API (ex SafetyNet) appeared first on Security Boulevard.

George McGregor

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

Security Affairs
3 months ago
SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, including a critical flaw in SQL Anywhere Monitor, with the release of November 2025 notes. The vulnerability, tracked as CVE-2025-42890 (CVSS score of 10/10), is an insecure key […]
Pierluigi Paganini

CVE-2025-12944 | Netgear DGN2200v4 up to 1.0.0.126 input validation

Vuldb Updates
3 months ago
A vulnerability was found in Netgear DGN2200v4 up to 1.0.0.126. It has been rated as very critical. Affected is an unknown function. This manipulation causes improper input validation. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-12944. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2021-27129 | CASAP Automated Enrollment System 1.0 Students ROUTE cross site scripting (ID 161080)

Vuldb Updates
3 months ago
A vulnerability labeled as problematic has been found in CASAP Automated Enrollment System 1.0. Affected is an unknown function of the component Students Handler. The manipulation of the argument ROUTE results in cross site scripting. This vulnerability is identified as CVE-2021-27129. The attack can be executed remotely. There is not any exploit available.
vuldb.com

Managed ad