Skip to main content
CVE-2025-9902 HIGH This Week

Information disclosure in AKIN Software's QRMenu (versions 1.05.12 up to the build dated 05.09.2025) allows unauthenticated remote attackers to access other users' or tenants' data by manipulating user-controlled identifiers in requests (IDOR). Reported by Turkey's national CSIRT (USOM); no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-11666 HIGH This Week

Hard-coded credentials in Tenda RP3 Pro firmware (versions up to 22.5.7.93) allow local high-privilege attackers to bypass authentication during firmware updates via the force_upgrade.sh script. Public exploit code exists on GitHub. CVSS 7.0 (High) reflects local access requirement with high privileges, making this a lower real-world priority despite the severity rating - exploitation requires an attacker to already have administrative console access to the device.

Tenda Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy