CVE Find’s Post

⚠️ CVE-2025-61929: CRITICAL Cherry Studio lacks security measures for `cherrystudio://` protocol, allowing attackers to execute malicious commands via crafted URLs. Users must avoid clicking on unknown links to prevent compromise. Patch for this vulnerability is unavailable. Source : https://lnkd.in/eV3ygkmX #CVE202561929 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2023-7311: CRITICAL Warning: BYTEVALUE Intelligent Flow Control Router is at risk due to a command injection vulnerability on /goform/webRead/open endpoint. Unauthorized attackers can execute malicious commands, leading to host compromise and control hijack. Recently targeted by Rondo botnet. Source : https://lnkd.in/eYCmiwRB #CVE20237311 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-41723: CRITICAL The importFile SOAP method is vulnerable to a directory traversal attack. An unauthenticated remote attacker bypass the path restriction and upload files to arbitrary locations. Source : https://lnkd.in/ecYqwKH9 #CVE202541723 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-62353: CRITICAL A path traversal vulnerability in all versions of the Windsurf IDE enables a threat actor to read and write arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection. Source : https://lnkd.in/e3TKNTdC #CVE202562353 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-62712: CRITICAL JumpServer had a security vulnerability allowing an authenticated user to access connection tokens of other users. This flaw was fixed in versions v3.10.20-lts and v4.10.11-lts, preventing unauthorized access to sensitive systems. Source : https://lnkd.in/ekJr9s3m #CVE202562712 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-12618: HIGH A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Source : https://lnkd.in/eYHy73Rc #CVE202512618 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-12611: HIGH A serious buffer overflow vulnerability has been found in Tenda AC21 16.03.08.16. Exploiting the issue allows remote attackers to compromise the device. A publicly available exploit makes the threat even more pressing. Source : https://lnkd.in/ePaRnJ9E #CVE202512611 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-10020: CRITICAL Zohocorp ManageEngine ADManager Plus version before 8024 are vulnerable to authenticated command injection vulnerability in the Custom Script component. Source : https://lnkd.in/e7Eq4tfZ #CVE202510020 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2023-7305: CRITICAL SmartBI versions 8, 9, and 10 had a critical file upload flaw allowing attackers to perform dangerous operations. The vendor issued a patch in July 2023. Notably, Rondo botnet has exploited this vulnerability, according to VulnCheck. Source : https://lnkd.in/efGFB52h #CVE20237305 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert

⚠️ CVE-2025-21078: HIGH Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications. Source : https://lnkd.in/eV6MFgUU #CVE202521078 #CVE #CyberSecurity #Vulnerability #CVEFind #CVEFindAlert