Skip to main content
CVE-2025-64308 HIGH This Week

Credential disclosure in the Brightpick Mission Control web application allows anyone able to retrieve the application's client-side JavaScript bundle to extract hardcoded credentials embedded in that code. Because the secrets ship to the browser, any user or adjacent-network actor who loads the front-end can recover them and potentially authenticate to back-end services in this warehouse-automation/ICS-OT product. Reported by CISA ICS-CERT (ICSA-25-317-04); no public exploit has been identified and EPSS exploitation probability is very low (0.06%, 17th percentile).

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.1%
CVE-2025-64307 HIGH This Week

The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
7.1
EPSS
0.0%
CVE-2025-13191 HIGH POC This Month

A vulnerability was determined in D-Link DIR-816L 2_06_b09_beta.cgi. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13190 HIGH POC This Month

A vulnerability was found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-13189 HIGH POC This Month

A vulnerability has been found in D-Link DIR-816L 2_06_b09_beta. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

D-Link Buffer Overflow Dir 816L Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.1%
CVE-2025-9317 HIGH This Month

The vulnerability, if exploited, could allow a miscreant with read access to Edge Project files or Edge Offline Cache files to reverse engineer Edge users' app-native or Active Directory passwords. Rated high severity (CVSS 8.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.3
EPSS
0.0%
CVE-2025-8386 HIGH This Month

The vulnerability, if exploited, could allow an authenticated miscreant (with privilege of "aaConfigTools") to tamper with App Objects' help files and persist a cross-site scripting (XSS) injection. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

XSS
NVD GitHub
CVSS 4.0
7.2
EPSS
0.0%
CVE-2025-62765 HIGH This Month

General Industrial Controls Lynx+ Gateway is vulnerable to a cleartext transmission vulnerability that could allow an attacker to observe network traffic to obtain sensitive information, including. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-59780 HIGH This Month

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to send GET requests to obtain sensitive device information. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
8.7
EPSS
0.1%
CVE-2025-55034 HIGH This Month

General Industrial Controls Lynx+ Gateway is vulnerable to a weak password requirement vulnerability, which may allow an attacker to execute a brute-force attack resulting in unauthorized access and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Brute Force
NVD GitHub
CVSS 4.0
8.8
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy