CVE-2025-52918 is a security vulnerability (CVSS 5.0). Remediation should follow standard vulnerability management procedures.
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests.
CVE-2025-3629 is a security vulnerability (CVSS 4.3) that allows an authenticated user. Remediation should follow standard vulnerability management procedures.
A security vulnerability in Yealink RPS (CVSS 4.3). Remediation should follow standard vulnerability management procedures.
PEAK-System Driver PCANFD_ADD_FILTERS Time-Of-Check Time-Of-Use Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of PEAK-System Driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the PCANFD_ADD_FILTERS IOCTL. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-24161.
A remote code execution vulnerability (CVSS 2.2). Remediation should follow standard vulnerability management procedures.
rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trusted root(s), but fails to verify the TSR's own signature against the timestamping leaf certificates. Consequently, vulnerable versions perform insufficient signature validation to properly consider a TSR verified, as the attacker can introduce any TSR signature so long as the embedded leaf chains up to some root TSA. This issue has been patched in version 1.0.3. There is no workaround for this issue.