Category: Alert Feeds

  Posted by Stefan Kanthak via Fulldisclosure on Sep 08 Hi @ll, this extends the two previous posts titled Defense in depth — the Microsoft way (part 90): “Digital Signature” property sheet missing without “Read Extended Attributes” access permission <https://seclists.org/fulldisclosure/2025/Jul/39> and Defense in depth — the Microsoft way (part 91): yet another 30 year old … Read More “Defense in depth — the Microsoft way (part 92): more stupid blunders of Windows’ File Explorer  – Full Disclosure” »

  Posted by Ron E on Sep 08 An integer overflow vulnerability exists in the FFmpeg cache: URL protocol implementation. The CacheEntry structure uses a 32-bit signed integer to store cache entry sizes (int size), but the cache layer can accumulate cached data exceeding 2 GB. Once entry->size grows beyond INT_MAX and new data is … Read More “FFmpeg 7.0+ Integer Overflow in FFmpeg cache: Protocol (CacheEntry::size)  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Sep 08 SEC Consult Vulnerability Lab Security Advisory < 20250908-0 > ======================================================================= title: NFC Card Vulnerability Exploitation Leading to Free Top-Up product: KioSoft “Stored Value” Unattended Payment Solution (Mifare) vulnerable version: Current firmware/hardware as of Q2/2025 fixed version: No version numbers available CVE number:… – Read … Read More “SEC Consult SA-20250908-0 :: NFC Card Vulnerability Exploitation Leading to Free Top-Up in KioSoft “Stored Value” Unattended Payment Solution (Mifare)  – Full Disclosure” »

  Posted by Taylor Newsome on Sep 08 *To:* support () mellanox com, networking-support () nvidia com *From:* Taylor Christian Newsome *Date:* August 20, 2025 *Dear Mellanox/NVIDIA Networking Support Team,* I am writing to formally submit the critical firmware parameters for Mellanox PCI Express Host Channel Adapter (HCA) cards, as detailed in the official documentation … Read More “Submission of Critical Firmware Parameters – PCIe HCA Cards  – Full Disclosure” »

  Posted by Ron E on Sep 08 The DjVuLibre document compression library (tested version 3.5.29) is vulnerable to an integer overflow caused by a left shift of a negative signed integer in the IW44EncodeCodec.cpp component. When processing crafted PPM input passed through the c44 utility, negative pixel values are left-shifted in functions such as … Read More “DjVuLibre 3.5.29 IW44EncodeCodec Integer Overflow (Negative Left Shift in IW44Image::Map::Encode)  – Full Disclosure” »

  Posted by Ron E on Sep 08 The DjVuLibre document compression library (tested version 3.5.29) contains multiple instances of unsigned integer overflow in the ZPCodec.cpp component. During arithmetic encoding operations (e.g., zemit, encode_lps, encode_lps_simple, eflush), crafted input can cause arithmetic wraparound (0-1, 1-2, or value+UINT_MAX). These operations rely on precise probability modeling for entropy … Read More “DjVuLibre 3.5.29 ZPCodec Unsigned Integer Overflow in Arithmetic Encoding  – Full Disclosure” »

  Posted by Ron E on Sep 08 The ladspa audio filter implementation (libavfilter/af_ladspa.c) in FFmpeg allows unsanitized environment variables to influence dynamic library loading. Specifically, the filter uses getenv(“LADSPA_PATH”) and getenv(“HOME”) when resolving the plugin shared object (.so) name provided through the file option. These values are concatenated into a filesystem path and passed … Read More “FFmpeg 7.0+ LADSPA Filter Arbitrary Shared Object Loading via Unsanitized Environment Variables  – Full Disclosure” »

  Posted by Ron E on Sep 08 A signed integer overflow exists in FFmpeg’s udp.c implementation when parsing the fifo_size option from a user-supplied UDP URL. The overflow occurs during multiplication, which is used to compute the size of the circular receive buffer. This can result in undefined behavior, allocation failures, or potentially memory … Read More “FFmpeg 7.0+ Integer Overflow in UDP Protocol Handler (fifo_size option)  – Full Disclosure” »

  Posted by Ron E on Sep 08 A vulnerability exists in the FFmpeg UDP protocol implementation ( libavformat/udp.c) where the dscp parameter is parsed from a URI and left-shifted without bounds checking. Supplying a maximum 32-bit signed integer (2147483647) triggers undefined behavior due to a left shift that exceeds the representable range of int. … Read More “FFmpeg 7.0+ Integer Overflow in DSCP Option Handling of FFmpeg UDP Protocol  – Full Disclosure” »

  Posted by Ron E on Sep 08 The FFmpeg tools/yuvcmp utility is vulnerable to an integer overflow when large width and height parameters are supplied. The overflow occurs during buffer size calculations (width * height) leading to incorrect allocation sizes and subsequent memory corruption. An attacker controlling input dimensions can trigger large or invalid … Read More “FFmpeg 7.0+ Integer Overflow in FFmpeg yuvcmp Tool Leads to Out-of-Bounds Allocation  – Full Disclosure” »

  Posted by Ron E on Sep 08 FFmpeg invokes function pointers through incorrect type casting, leading to type confusion. UndefinedBehaviorSanitizer logs mismatched signatures in utils.c:528. Crafted inputs can cause UB, misaligned function dispatch, and possible arbitrary code execution depending on platform ABI. (FFmpeg 7.0 – 8.0) *Impact:* – DoS in normal builds. – Potential … Read More “FFmpeg 7.0+ Type Confusion in FFmpeg Function Pointer Calls (libavformat/utils.c)  – Full Disclosure” »

  Posted by Ron E on Sep 08 Improper validation in libavutil/avstring.c allows a NULL pointer dereference when processing certain strings in HLS contexts. UBSan reports “applying zero offset to null pointer.” Triggers denial of service (DoS) when FFmpeg processes malicious playlists or malformed URLs. (FFmpeg 7.0 – 8.0) *Impact:* – Consistently crashes the process … Read More “FFmpeg 7.0+ NULL Pointer Dereference in FFmpeg String Handling (avstring.c)  – Full Disclosure” »

  Posted by Ron E on Sep 08 Malformed .m3u8 playlists can trigger a heap use-after-free when the HLS demuxer handles segment references. ASan reports access to freed memory inside libavformat/utils.c:528. A crafted .m3u8 could allow remote attackers to achieve denial of service (DoS), information disclosure, or potentially remote code execution depending on heap state. … Read More “FFmpeg 7.0+ Heap Use-After-Free in FFmpeg HLS Demuxer (libavformat/utils.c)  – Full Disclosure” »

  Posted by Ron E on Sep 08 The FullBox::get_flags() method retrieves 24-bit flags from the underlying box header. When a malformed box truncates the field, the function still attempts to read three bytes. With insufficient data, this reads past valid memory into uninitialized or out-of-bounds memory. *Root Cause:* – No length validation before reading … Read More “libheif v1.21.0 Out-of-Bounds Read in FullBox::get_flags  – Full Disclosure” »

  Posted by Ron E on Sep 08 Box_hdlr::get_handler_type() (libheif/box.h:487) is called even when the hdlr box has not been properly initialized due to malformed input. This leads to dereferencing a null object pointer. *Root Cause:* – No validation of hdlr box presence before accessing handler fields. *Impact:* – Application crash only (DoS). – No … Read More “libheif v1.21.0 Null Pointer Dereference in Box_hdlr::get_handler_type  – Full Disclosure” »

  Posted by Ron E on Sep 08 During construction of a Track_Visual object, corrupted sequence metadata can leave a std::vector<unsigned> uninitialized. When .empty() is called, it attempts to dereference a null object. *Root Cause:* – Missing input validation when constructing vectors from parsed boxes. *Impact:* – Application crash (DoS). – Not exploitable for code … Read More “libheif v1.21.0 Null Pointer Dereference in std::vector::empty  – Full Disclosure” »

  Posted by Ron E on Sep 08 An integer overflow vulnerability exists in the Y4M input loader (loadY4M in decoder_y4m.cc) of libheif. The loader fails to properly validate the width and height values declared in the Y4M file header. Supplying a crafted .y4m file with extremely large dimensions (e.g., W2147483647 H2147483647) causes integer overflow … Read More “libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation  – Full Disclosure” »

  Posted by Ron E on Sep 08 The vulnerability resides in the constructor Chunk::Chunk ( libheif/sequences/chunk.cc:89). When parsing the Sample Size Box (stsz) of a HEIF sequence track, the code allocates a std::vector<unsigned int> and then appends entries for each sample size. The count used for allocation and iteration is taken directly from the … Read More “libheif v1.21.0 Heap Buffer Overflow in Chunk::Chunk  – Full Disclosure” »

  Posted by Ron E on Sep 08 The Track::init_sample_timing_table logic manages a std::vector<std::shared_ptr<Chunk>> representing parsed sequence chunks. With malformed HEIF sequence files, corrupted chunk tables may cause premature destruction of Chunk objects while references remain in the vector. Later accesses via std::__shared_ptr<Chunk>::get() return a dangling pointer. ASan reports these as heap-buffer-overflows because the stale … Read More “libheif 1.21.0 Use-After-Free / Dangling shared_ptr in Track Chunk Handling  – Full Disclosure” »

  Posted by Ron E on Sep 08 The Box_stts structure defines decoding time to sample mapping. In Box_stts::get_sample_duration(unsigned), the requested index is assumed valid. A crafted file can set entry_count inconsistently with the actual buffer size, leading to access beyond the bounds of the parsed vector. *Root Cause:* – Lack of bounds checks on … Read More “libheif v1.21.0 Out-of-Bounds Read in Box_stts::get_sample_duration  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8 macOS Ventura 13.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/124929. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Ventura Impact: Processing … Read More “APPLE-SA-08-20-2025-5 macOS Ventura 13.7.8  – Full Disclosure” »

  Posted by Seralys Research Team via Fulldisclosure on Sep 08 Seralys Security Advisory | https://www.seralys.com/research ====================================================================== Title: Unauthenticated User Creation Product: SpamTitan Email Security Gateway Affected: Confirmed on 8.00.95 Fixed in: 8.00.101 and 8.01.14 Vendor: TitanHQ Discovered: May 2024 Severity: HIGH CWE: CWE-306: Missing Authentication for Critical Function CVE:… – Read More  – Full Disclosure 

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-2 iPadOS 17.7.10 iPadOS 17.7.10 addresses the following issues. Information about the security content is also available at https://support.apple.com/124926. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: iPad Pro 12.9-inch 2nd generation, iPad … Read More “APPLE-SA-08-20-2025-2 iPadOS 17.7.10  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1 macOS Sequoia 15.6.1 addresses the following issues. Information about the security content is also available at https://support.apple.com/124927. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Sequoia Impact: Processing … Read More “APPLE-SA-08-20-2025-3 macOS Sequoia 15.6.1  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8 macOS Sonoma 14.7.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/124928. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: macOS Sonoma Impact: Processing … Read More “APPLE-SA-08-20-2025-4 macOS Sonoma 14.7.8  – Full Disclosure” »

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 22.5.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/22.5.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 22.5.2 ## Change Log for Release asterisk-22.5.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Andrey Stoykov on Sep 08 # Exploit Title: Host Header Injection – silverstripecmsv6.0.0 # Date: 08/2025 # Exploit Author: Andrey Stoykov # Version: 6.0.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/08/friday-fun-pentest-series-39-host.html Host Header Injection #1: Steps to Reproduce: – Login and change the Host header to Burp Collab domain – Upon … Read More “Host Header Injection – silverstripecmsv6.0.0  – Full Disclosure” »

  Posted by Andrey Stoykov on Sep 08 # Exploit Title: [Vuln] – silverstripecmsv6.0.0 # Date: 08/2025 # Exploit Author: Andrey Stoykov # Version: 6.0.0 # Tested on: Debian 12 # Blog: https://msecureltd.blogspot.com/2025/08/friday-fun-pentest-series-40-csv.html CSV Injection #1: Steps to Reproduce: – Login and visit “Security” > “Add Member” > “First Name” and enter payload of =30*30 … Read More “CSV Injection – silverstripecmsv6.0.0  – Full Disclosure” »

  Posted by Apple Product Security via Fulldisclosure on Sep 08 APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2 iOS 18.6.2 and iPadOS 18.6.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/124925. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. ImageIO Available for: … Read More “APPLE-SA-08-20-2025-1 iOS 18.6.2 and iPadOS 18.6.2  – Full Disclosure” »

  Posted by George Joseph via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Certified Asterisk 18.9-cert17. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/certified-18.9-cert17 and https://downloads.asterisk.org/pub/telephony/certified-asterisk Repository: https://github.com/asterisk/asterisk Tag: certified-18.9-cert17 ## Change Log for Release asterisk-certified-18.9-cert17 ###… – Read More  – Full Disclosure 

  Posted by josephgoyd via Fulldisclosure on Sep 08 Improper Input Validation in Siri Shortcuts and Shared Web Credentials Enables Persistent Background Execution, Retry Storms, and Sandbox Extension Abuse Date Discovered: August 20, 2025 Discovered By: Joseph Goydish II Affected: – iOS/macOS versions supporting Siri Shortcuts + Shared Web Credentials (SWC) – Confirmed on iPhone … Read More “(iOS 18.6.2) Improper Input Validation in Siri Shortcuts and Shared Web Credentials  – Full Disclosure” »

  Posted by josephgoyd via Fulldisclosure on Sep 08 [Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms) Overview: A criticalzero-dayvulnerability in AppleMediaServices (AMS) affects all Apple platforms — iOS, macOS, tvOS, and watchOS. When AMS fails to fetch its remote “Bag” config file, it disables Mescal and Absinthe request signingwithout warning, falling back to unsigned, unauthenticated … Read More “[Zero-Day] AppleMediaServices Fail-Open Auth Bypass (All Platforms)  – Full Disclosure” »

  Posted by Joseph Goydish II via Fulldisclosure on Sep 08 TITLE: APPLE’S A17 PRO SILICON FLAW: SHARED I²C4 BUS BETWEEN SECURE ENCLAVE AND DIGITIZER CAUSES CASCADING SYSTEM FAILURE SUMMARY: This report discloses a CRITICAL HARDWARE FLAW in Apple’s A17 Pro chip (D84AP), affecting retail iPhone 15 Pro Max devices. The flaw results from a … Read More “Apple’s A17 Pro Chip: Critical Flaw Causes Dual Subsystem Failure & Forensic Log Loss  – Full Disclosure” »

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 18.26.4. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/18.26.4 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 18.26.4 ## Change Log for Release asterisk-18.26.4 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 21.10.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/21.10.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 21.10.2 ## Change Log for Release asterisk-21.10.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Asterisk Development Team via Fulldisclosure on Sep 08 The Asterisk Development Team would like to announce security release Asterisk 20.15.2. The release artifacts are available for immediate download at https://github.com/asterisk/asterisk/releases/tag/20.15.2 and https://downloads.asterisk.org/pub/telephony/asterisk Repository: https://github.com/asterisk/asterisk Tag: 20.15.2 ## Change Log for Release asterisk-20.15.2 ### Links: – [Full ChangeLog](… – Read More  – Full Disclosure 

  Posted by Ron E on Aug 18 nopCommerce is vulnerable to Insufficient Resource Allocation Limits when handling large Excel file imports. Although the application provides a warning message recommending that users avoid importing more than 500–1,000 records at once due to memory constraints, the system does not enforce hard limits on file size, record … Read More “Insufficient Resource Allocation Limits in nopCommerce v4.10 and v4.80.3 Excel Import Functionality  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Aug 18 Confidentiality class: Internal & Partner SEC Consult Vulnerability Lab Security Advisory < publishing date 20250807-0 > ======================================================================= title: Race Condition in Shopware Voucher Submission product: Shopware 6 vulnerable version: v6.6.10.4 fixed version: No fixed version available yet CVE number: CVE-2025-7954 impact: medium… – Read … Read More “SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission  – Full Disclosure” »

  Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Aug 18 Confidentiality class: Internal & Partner SEC Consult Vulnerability Lab Security Advisory < publishing date 20250728-0 > ======================================================================= title: Multiple Stored Cross-Site Scripting Vulnerabilities product: Optimizely Episerver Content Management System (EPiServer.CMS.Core) vulnerable version: Version 11.X: <11.21.4 Version 12.X:… – Read More  – Full Disclosure 

  Posted by Ron E on Aug 18 A CSV Injection vulnerability exists in iDempiere WebUI v12.0.0.202508171158. The application fails to properly sanitize user-supplied input before including it in exported CSV files. An authenticated attacker can inject malicious spreadsheet formulas (e.g., =cmd|’/C notepad’!A1) into fields that are later exported. When the CSV is opened in … Read More “CSV Injection in iDempiere WebUI 12.0.0.202508171158  – Full Disclosure” »

  Posted by Ron E on Aug 18 The application does not issue a new session identifier (JSESSIONID) after successful authentication. An attacker who can set or predict a victim’s session ID prior to login may hijack the victim’s authenticated session once they log in, resulting in full account takeover. POST /webui HTTP/2 Host: <host> … Read More “Session Fixation Vulnerability in iDempiere WebUI v 12.0.0.202508171158  – Full Disclosure” »

  Posted by Ron E on Aug 18 nopCommerce v4.10 and 4.80.3 is vulnerable to Insufficient Invalidation of Session Cookies. The application does not properly invalidate or expire authentication cookies after logout or session termination. An attacker who obtains a valid session cookie (e.g., via network interception, XSS, or system compromise) can continue to use … Read More “Insufficient Session Cookie Invalidation in nopCommerce v4.10 and 4.80.3  – Full Disclosure” »

  Posted by Ron E on Aug 18 nopCommerce versions v4.10 and v4.80.3 are vulnerable to *C*SV Injection (Formula Injection) when exporting data to CSV. The application does not properly sanitize user-supplied input before including it in CSV export files. An attacker can inject malicious spreadsheet formulas into fields that will later be exported (for … Read More “CSV Injection in nopcommerce v4.10 and 4.80.3  – Full Disclosure” »

  Posted by Ron E on Aug 18 lcf2xml (part of liblcf) aborts when parsing specially crafted RPG Maker 2000/2003 files that supply a negative element count for vectors of structured records. The generic reader: template <class S> void Struct<S>::ReadLcf(std::vector<S>& vec, LcfReader& stream) { int count = stream.ReadInt(); vec.resize(count); // <— negative -> huge size_t … Read More “liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS)  – Full Disclosure” »

  Posted by Ron E on Aug 18 A crafted RPG Maker save file (`.lsd`) can trigger an integer overflow in liblcf’s lcfstrings compressed integer decoding logic (`LcfReader::ReadInt()`), resulting in an unbounded shift and accumulation loop. The overflowed value is later used in buffer size allocations and structure parsing, causing large memory access requests and … Read More “liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service  – Full Disclosure” »

  Posted by Usman Saeed via Fulldisclosure on Aug 18 #!/usr/bin/env python3 “”” Adaptive Multi-Protocol Traceroute Author: Usman Saeed email: u () defzero net<mailto:u () defzero net> Website: www.defzero.net<http://www.defzero.net> Description: This script is a TTL-based path mapper that reveals routes even when classic traceroute is filtered. The idea was that it would run in passes: … Read More “Multi-Protocol Traceroute  – Full Disclosure” »

  Posted by josephgoyd via Fulldisclosure on Aug 18 TITLE: Undocumented TCC Access to Multiple Privacy Domains via ‘preflight=yes’ in iOS 18.6 AUTHOR: Joseph Goydish II DISCOVERY DATE: 2025-08-13 DEVICE: iPhone 14 Pro Max OS VERSION: iOS 18.6 (non-jailbroken, stock) SEVERITY: High ACCESS: USB debugging or local log access IMPACT: Silent, undocumented system access to … Read More “iOS 18.6 – Undocumented TCC Access to Multiple Privacy Domains via preflight=yes  – Full Disclosure” »

  Posted by Jozef Sudolsky on Aug 18 Dear community, I’d like to share a small tool I’ve recently released – CRSprober. This utility is designed to remotely detect the version of the OWASP CRS as well as the configured paranoia level on a target protected by ModSecurity + CRS. It works by sending specific … Read More “[tool] CRSprober  – Full Disclosure” »

  Posted by Georg Lukas on Aug 18 PDF advisory: https://rt-solutions.de/piciorgros/Piciorgros_TMO-100_IP-Logger_en.pdf Classification ————– – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor – CVSS 4.0 Score: 5.3 / Medium CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N – CVSS 3.1 Score: 4.3 / Medium CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected systems —————- – Piciorgros TMO-100 V3/V4 with software version… – Read More  – Full Disclosure 

  Posted by Georg Lukas on Aug 18 <PDF advisory: https://rt-solutions.de/piciorgros/Piciorgros_TMO-100_TFTP_en.pdf > Classification ————– – CWE-306: Missing Authentication for Critical Function – CWE-940: Improper Verification of Source of a Communication Channel – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor – CVSS 4.0 Score: 8.4 / High CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:L/SI:N/SA:H – CVSS 3.1 Score: 8.3… – Read … Read More “Piciorgros TMO-100: Unauthorized configuration change via TFTP (CVE-2025-29617)  – Full Disclosure” »