Aggregator

Submit #630505 / VDB-319955

Submit #630501 / VDB-319955

A vulnerability, which was classified as problematic, has been found in appneta tcpreplay up to 4.5.1. The affected element is the function fix_ipv6_checksums of the file edit_packet.c of the component tcprewrite. This manipulation causes use after free. This vulnerability is tracked as CVE-2025-9385. The attack is restricted to local execution. Moreover, an exploit is present. It is advisable to upgrade the affected component.

Submit #630500 / VDB-319955

Submit #630499 / VDB-319955

Submit #630498 / VDB-321219

A vulnerability classified as problematic was found in appneta tcpreplay up to 4.5.1. Impacted is the function tcpedit_post_args of the file /src/tcpedit/parse_args.c. The manipulation results in null pointer dereference. This vulnerability is identified as CVE-2025-9384. The attack is only possible with local access. Additionally, an exploit exists. Upgrading the affected component is advised. The vendor explains, that he was "[a]ble to reproduce in 6fcbf03 but not in 4.5.2-beta2".

Submit #630497 / VDB-321218

A vulnerability classified as problematic has been found in FNKvision Y215 CCTV Camera 10.194.120.40. This issue affects the function crypt of the file /etc/passwd. The manipulation leads to use of weak hash. This vulnerability is referenced as CVE-2025-9383. The attack can only be performed from a local environment. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1_rf_test_config of the component Telnet Sevice. Executing manipulation can lead to backdoor. The identification of this vulnerability is CVE-2025-9382. The physical device can be targeted for the attack. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as problematic has been reported in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. This vulnerability was named CVE-2025-9381. The attack may be carried out on the physical device. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as problematic has been found in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation leads to hard-coded credentials. This vulnerability is uniquely identified as CVE-2025-9380. Local access is required to approach this attack. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

Враг прячется там, где его никто не ожидает увидеть.

Submit #630496 / VDB-321217

OpenAI 正致力于取代 Google，而它依赖的搜索数据却来自搜索巨人。Theinformation 报道，OpenAI 通过使用从 Web 抓取的 Google 搜索数据去增强聊天机器人 ChatGPT 的响应能力。当用户通过 ChatGPT 查询时事如新闻、体育和股市时，Google 搜索数据能提供巨大的帮助。OpenAI 使用的数据来自 Web 抓取公司 SerpApi。去年 SerpApi 还在网站上列出 OpenAI 是其客户，但后来将其删除了。

A vulnerability identified as problematic has been detected in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of data authenticity. This vulnerability is handled as CVE-2025-9379. The attack can be initiated remotely. There is not any exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #629813 / VDB-321216

Submit #629812 / VDB-321215

Submit #629811 / VDB-321214