HackTesting

Common Vulnerabilities and Exposures (CVE)

CVE-2025-13658

Dec 2, 2025 21:41:24 UTC

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges.

CVE-2025-64642

Dec 2, 2025 21:40:46 UTC

NMIS/BioDose V22.02 and previous versions' installation directory paths by default have insecure file permissions, which in certain deployment scenarios can enable users on client workstations to modify the program executables and libraries...

CVE-2025-64298

Dec 2, 2025 21:40:09 UTC

NMIS/BioDose V22.02 and previous version installations where the embedded Microsoft SQLServer Express is used are exposed in the Windows share accessed by clients in networked installs. By default, this directory has insecure directory path...

CVE-2025-61940

Dec 2, 2025 21:39:30 UTC

NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underly...

CVE-2025-64778

Dec 2, 2025 21:38:49 UTC

NMIS/BioDose software V22.02 and previous versions contain executable binaries with plain text hard-coded passwords. These hard-coded passwords could allow unauthorized access to both the application and database.

CVE-2025-62575

Dec 2, 2025 21:37:46 UTC

NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certa...

CVE-2021-3517

Dec 2, 2025 21:34:00 UTC

There is a flaw in the xml entity encoding functionality of libxml2 in versions before 2.9.11. An attacker who is able to supply a crafted file to be processed by an application linked with the affected functionality of libxml2 could trigge...

CVE-2021-35268

Dec 2, 2025 21:30:53 UTC

In NTFS-3G versions < 2021.8.22, when a specially crafted NTFS inode is loaded in the function ntfs_inode_real_open, a heap buffer overflow can occur allowing for code execution and escalation of privileges.

CVE-2021-39251

Dec 2, 2025 21:23:50 UTC

A crafted NTFS image can cause a NULL pointer dereference in ntfs_extent_inode_open in NTFS-3G < 2021.8.22.

CVE-2021-39252

Dec 2, 2025 21:23:06 UTC

A crafted NTFS image can cause an out-of-bounds read in ntfs_ie_lookup in NTFS-3G < 2021.8.22.

CVE-2021-39253

Dec 2, 2025 21:22:40 UTC

A crafted NTFS image can cause an out-of-bounds read in ntfs_runlists_merge_i in NTFS-3G < 2021.8.22.

CVE-2021-39254

Dec 2, 2025 21:21:58 UTC

A crafted NTFS image can cause an integer overflow in memmove, leading to a heap-based buffer overflow in the function ntfs_attr_record_resize, in NTFS-3G < 2021.8.22.

CVE-2021-39255

Dec 2, 2025 21:19:28 UTC

A crafted NTFS image can trigger an out-of-bounds read, caused by an invalid attribute in ntfs_attr_find_in_attrdef, in NTFS-3G < 2021.8.22.

CVE-2021-39256

Dec 2, 2025 21:18:48 UTC

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_inode_lookup_by_name in NTFS-3G < 2021.8.22.

CVE-2021-39258

Dec 2, 2025 21:17:58 UTC

A crafted NTFS image can cause out-of-bounds reads in ntfs_attr_find and ntfs_external_attr_find in NTFS-3G < 2021.8.22.

Page: 2