24h | 7d | 30d

Overview

  • Array Networks
  • ArrayOS AG

05 Dec 2025
Published
08 Dec 2025
Updated

CVSS v3.1
HIGH (7.2)
EPSS
0.15%

Description

Array Networks ArrayOS AG before 9.4.5.9 allows command injection, as exploited in the wild in August through December 2025.

Statistics

  • 1 Post

Last activity: 2 hours ago

Bluesky

Profile picture
~Cisa~ CISA adds two actively exploited vulnerabilities affecting D-Link routers (CVE-2022-37055) and Array Networks OS (CVE-2025-66644) to its KEV catalog. - IOCs: CVE-2022-37055, CVE-2025-66644 - #CISA #KEV #ThreatIntel
  • 0
  • 0
  • 0
  • 2h ago

Overview

  • Yottamaster
  • DM2

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.05%

KEV

Description

A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 9 hours ago

Overview

  • D-Link
  • DCS-930L

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v4.0
MEDIUM (5.3)
EPSS
0.63%

KEV

Description

A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 9 hours ago

Overview

  • Yealink
  • SIP-T21P E2

08 Dec 2025
Published
08 Dec 2025
Updated

CVSS v4.0
MEDIUM (5.1)
EPSS
0.03%

KEV

Description

A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.

Statistics

  • 1 Post
  • 2 Interactions

Last activity: 9 hours ago
Showing 31 to 34 of 34 CVEs