Critical Vulnerability in Melis Platform's melis-core Module

⚠️ CVE-2025-41723: CRITICAL The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. Source : https://lnkd.in/ecYqwKH9 #CVE202541723 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-11625: CRITICAL Improper host authentication vulnerability in wolfSSH version 1.4.20 and earlier clients that allows authentication bypass and leaking of clients credentials. Source : https://lnkd.in/eGSTkvhc #CVE202511625 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-11899: CRITICAL Agentflow by Flowring has a Critical Vulnerability - Use of Hard-coded Cryptographic Key. Attackers can exploit the fixed key to impersonate any user. To do this, the attacker needs to acquire a user ID first. Source : https://lnkd.in/ee_FbFcd #CVE202511899 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-41719: HIGH A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password. Source : https://lnkd.in/evaHZuTV #CVE202541719 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-21078: HIGH Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications. Source : https://lnkd.in/eV6MFgUU #CVE202521078 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-61929: CRITICAL Cherry Studio lacks security measures for `cherrystudio://` protocol, allowing attackers to execute malicious commands via crafted URLs. Users must avoid clicking on unknown links to prevent compromise. Patch for this vulnerability is unavailable. Source : https://lnkd.in/eV3ygkmX #CVE202561929 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-59295: HIGH Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network. Source : https://lnkd.in/ebvygbMH #CVE202559295 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-12104: CRITICAL Outdated and Vulnerable UI Dependencies might potentially lead to exploitation.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. Source : https://lnkd.in/enV73hVk #CVE202512104 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

Excess software access creates unnecessary risk. Uncover unused risky binaries and applications, restrict access to them, and cut your attack surface by up to 95%. Bitdefender GravityZone Proactive Hardening and Attack Surface Reduction (PHASR) https://lnkd.in/gMYfFx28 Bitdefender #lotl #cybersecurity

⚠️ CVE-2025-12618: HIGH A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Source : https://lnkd.in/eYHy73Rc #CVE202512618 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert