CVE Find’s Post

⚠️ CVE-2025-12104: CRITICAL Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Source : https://lnkd.in/enV73hVk #CVE202512104 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-41723: CRITICAL The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. Source : https://lnkd.in/ecYqwKH9 #CVE202541723 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-12422: CRITICAL Vulnerable Upgrade Feature (Arbitrary File Write) may lead to obtaining super user permissions on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Source : https://lnkd.in/eagrahEn #CVE202512422 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-12176: CRITICAL Undocumented administrative accounts were getting created to facilitate access for applications running on board.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Source : https://lnkd.in/eMaffS3q #CVE202512176 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-10352: CRITICAL Vulnerability in the melis-core module of Melis Technology's Melis Platform, which, if exploited, allows an unauthenticated attacker to create an administrator account via a request to '/melis/MelisCore/ToolUser/addNewUser'. Source : https://lnkd.in/eEQRWrEU #CVE202510352 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-61929: CRITICAL Cherry Studio lacks security measures for `cherrystudio://` protocol, allowing attackers to execute malicious commands via crafted URLs. Users must avoid clicking on unknown links to prevent compromise. Patch for this vulnerability is unavailable. Source : https://lnkd.in/eV3ygkmX #CVE202561929 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-11625: CRITICAL Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials. Source : https://lnkd.in/eGSTkvhc #CVE202511625 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-41719: HIGH A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. Source : https://lnkd.in/evaHZuTV #CVE202541719 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-12618: HIGH A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Source : https://lnkd.in/eYHy73Rc #CVE202512618 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-12423: CRITICAL Protocol manipulation might lead to denial of service.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 . Source : https://lnkd.in/etRzRRTN #CVE202512423 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert