Skip to main content
CVE-2025-14704 MEDIUM POC This Month

A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of the file /eshell of the component API. The manipulation results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Path Traversal N3 Firmware
NVD VulDB
CVSS 4.0
5.5
EPSS
0.4%
CVE-2025-14711 MEDIUM POC This Month

A flaw has been found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This vulnerability affects unknown code of the file /controller/api/hotelList.php. This manipulation of the argument pickedHotelName/type causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. This product adopts a rolling release strategy to maintain continuous delivery The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Hotels Server
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-14710 MEDIUM POC This Month

A vulnerability was detected in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. This affects an unknown part of the file /controller/api/OrderList.php. The manipulation of the argument telephone results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. This product implements a rolling release for ongoing delivery, which means version information for affected or updated releases is unavailable. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Hotels Server
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-66963 MEDIUM This Month

Sensitive information disclosure in Hitron HI3120 firmware 7.2.4.5.2b1 exposes credentials or session data to a local low-privileged attacker through the device's web management interface Logout function in index.html. The root cause, indicated by the 'Insufficient Session Expiration' tag, is that the logout action fails to fully invalidate or clear sensitive session artifacts, leaving them recoverable post-logout. No active exploitation is confirmed (EPSS 0.11%, 1st percentile), and the attack surface is constrained to local access with low privileges, significantly limiting real-world impact despite the High confidentiality rating.

Information Disclosure Hi3120 Firmware
NVD GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2025-14693 MEDIUM This Month

A vulnerability has been found in Ugreen DH2100+ up to 5.3.0. This affects an unknown function of the component USB Handler. Such manipulation leads to symlink following. The attack can be executed directly on the physical device. The exploit has been disclosed to the public and may be used. It is suggested to upgrade the affected component.

Information Disclosure
NVD VulDB
CVSS 4.0
5.2
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy