I know a bunch of you nerds like playing with ESP32s, etc.

sev:HIGH 8.7 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within AsyncWebHeader.cpp. Unsanitized input allows attackers to inject CR (\r) or LF (\n) characters into header names or values, leading to arbitrary header or response manipulation. Manipulation of HTTP headers and responses can enable a wide range of attacks, making the severity of this vulnerability high. A fix is available at pull request 211 and is expected to be part of version 3.7.9.

https://nvd.nist.gov/vuln/detail/CVE-2025-53094

Fucking Ubiquiti showing they're the Tesla of networking yet again.

https://community.ui.com/releases/Security-Advisory-Bulletin-048-048/af007d99-bb6d-4368-a12f-75e84de19e8d

sev:CRIT 9.9 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Multiple Authenticated SQL Injection vulnerabilities found in UISP Application (Version 2.4.206 and earlier) could allow a malicious actor with low privileges to escalate privileges.

https://nvd.nist.gov/vuln/detail/CVE-2025-24290

Get your Flippers out.

https://github.com/yangting111/BLE_TEST/blob/main/result/PoC/Realtek/Pairing_Random_Before_Pairing_Public_Key.md

An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.

https://nvd.nist.gov/vuln/detail/CVE-2025-44531

Wat

sev:HIGH 8.8 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.

https://nvd.nist.gov/vuln/detail/CVE-2024-6174

sigh

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege attackers to gain administrative access to the device’s web interface.

And those creds are:

blueangel:blueangel
root:abnareum10
root:Admin@tbroad
root:superuser
user:user
guest:guest

https://nvd.nist.gov/vuln/detail/CVE-2025-34034

#OT #Advisory VDE-2025-045
Pilz: Missing Authentication in Node-RED integration

#CVE CVE-2025-41656

https://certvde.com/en/advisories/VDE-2025-045

#CSAF https://pilz.csaf-tp.certvde.com/.well-known/csaf/white/2025/ppsa-2025-002.json

That's kind of a fun PrivEsc.

sev:CRIT 9.3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.

https://nvd.nist.gov/vuln/detail/CVE-2025-53391

FYI: There is a ton of scanning for this one for some reason.

/locales/locale.json?locale=../../../pterodactyl&namespace=config/database

/locales/locale.json?locale=../../config/&namespace=database

https://github.com/Zen-kun04/CVE-2025-49132

Wait, we're still doing port knocking? I thought that was a lost art that got snuffed out by the "obscurity does not provide security" nerds.

https://github.com/mbuesch/letmein/security/advisories/GHSA-jpv7-p47h-f43j

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections (TCP, UDP and Unix socket) for the services letmeind and letmeinfwd. Therefore, the command line option num-connections is not effective and does not limit the number of simultaneously incoming connections. This issue has been patched in version 10.2.1.

https://nvd.nist.gov/vuln/detail/CVE-2025-52570

Oh my. Perfect 10 ../ in a KVM server management panel.

https://github.com/ConvoyPanel/panel/security/advisories/GHSA-43g3-qpwq-hfgg

sev:CRIT 10.0 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace parameters. This allows the attacker to include and execute arbitrary PHP files on the server. This issue has been patched in version 4.4.1. A temporary workaround involves implementing strict Web Application Firewall (WAF) rules to incoming requests targeting the vulnerable endpoints.

https://nvd.nist.gov/vuln/detail/CVE-2025-52562