shinyColumn

10 exploits Active since Sep 2025
CVE-2025-56799 GITHUB MEDIUM python WORKING POC
Reolink 8.18.12 - Command Injection via Crafted Folder Name
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself.
1 star
CVSS 6.5
CVE-2025-56803 NOMISEC HIGH WORKING POC
Figma Desktop 125.6.5 - OS Command Injection via Plugin Manifest Build Field
Figma Desktop for Windows version 125.6.5 contains a command injection vulnerability in the local plugin loader. An attacker can execute arbitrary OS commands by setting a crafted build field in the plugin's manifest.json. This field is passed to child_process.exec without validation, leading to possible RCE. NOTE: this is disputed by the Supplier because the behavior only allows a local user to attack himself via a local plugin. The local build procedure, which is essential to the attack, is not executed for plugins shared to the Figma Community.
1 star
CVSS 8.4
CVE-2025-46408 NOMISEC CRITICAL WORKING POC
AVTECH EagleEyes <2.0.0 - Info Disclosure
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
1 star
CVSS 9.8
CVE-2025-56800 GITHUB MEDIUM python WORKING POC
Reolink 8.18.12 - Authentication Bypass via Client-Side Lock Screen Password Property
Reolink desktop application 8.18.12 contains a vulnerability in its local authentication mechanism. The application implements lock screen password logic entirely on the client side using JavaScript within an Electron resource file. Because the password is stored and returned via a modifiable JavaScript property (a.settingsManager.lockScreenPassword), an attacker can patch the return value to bypass authentication. NOTE: this is disputed by the Supplier because the lock-screen bypass would only occur if the local user modified his own instance of the application.
CVSS 5.1
CVE-2025-56802 GITHUB MEDIUM python WORKING POC
Reolink desktop app - Info Disclosure
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files, allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.
CVSS 5.1
CVE-2025-50944 NOMISEC HIGH WRITEUP
AVTECH EagleEyes 2.0.0 - Info Disclosure
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation.
CVSS 8.8
CVE-2025-50110 NOMISEC HIGH WRITEUP
AVTECH EagleEyes Lite <2.0.0 - Info Disclosure
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS.
CVSS 8.8
CVE-2025-56799 WRITEUP MEDIUM WORKING POC
Reolink 8.18.12 - Command Injection via Crafted Folder Name
Reolink desktop application 8.18.12 contains a command injection vulnerability in its scheduled cache-clearing mechanism via a crafted folder name. NOTE: this is disputed by the Supplier because a crafted folder name would arise only if the local user were attacking himself.
CVSS 6.5
CVE-2025-56801 WRITEUP MEDIUM WRITEUP
Reolink Desktop App 8.18.12 - Info Disclosure
The Reolink Desktop Application 8.18.12 contains hardcoded credentials as the Initialization Vector (IV) in its AES-CFB encryption implementation, allowing attackers with access to the application environment to reliably decrypt encrypted configuration data. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.
CVSS 5.1
CVE-2025-56802 WRITEUP MEDIUM WORKING POC
Reolink desktop app - Info Disclosure
The Reolink desktop application uses a hard-coded and predictable AES encryption key to encrypt user configuration files, allowing attackers with local access to decrypt sensitive application data stored in %APPDATA%. A different vulnerability than CVE-2025-56801. NOTE: the Supplier's position is that material is not hardcoded and is instead randomly generated on each installation of the application.
CVSS 5.1