CVSS: 7.8EPSS: %CPEs: 39EXPL: 0CVE-2025-21454 – Buffer Over-read in WLAN Embedded SW
https://notcve.org/view.php?id=CVE-2025-21454
08 Jul 2025 — Transient DOS while processing received beacon frame. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: %CPEs: 34EXPL: 0CVE-2025-21449 – Buffer Over-read in WLAN Embedded SW
https://notcve.org/view.php?id=CVE-2025-21449
08 Jul 2025 — Transient DOS may occur while processing malformed length field in SSID IEs. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: %CPEs: 5EXPL: 0CVE-2025-21446 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2025-21446
08 Jul 2025 — Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 6.2EPSS: %CPEs: 30EXPL: 0CVE-2025-21433 – NULL Pointer Dereference in SPS-HLOS
https://notcve.org/view.php?id=CVE-2025-21433
08 Jul 2025 — Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. • https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html • CWE-476: NULL Pointer Dereference •
CVSS: 6.9EPSS: 0%CPEs: 53EXPL: 0CVE-2025-41222
https://notcve.org/view.php?id=CVE-2025-41222
08 Jul 2025 — This could allow an attacker with network access to the webserver to cause a denial of service resulting in the web server and the device to crash. • https://cert-portal.siemens.com/productcert/html/ssa-083019.html • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-40593
https://notcve.org/view.php?id=CVE-2025-40593
08 Jul 2025 — This could allow an attacker to cause a denial of service condition. • https://cert-portal.siemens.com/productcert/html/ssa-626991.html • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-27127
https://notcve.org/view.php?id=CVE-2025-27127
08 Jul 2025 — This could allow an attacker with contributor privileges to cause denial of service by uploading a malicious project. • https://cert-portal.siemens.com/productcert/html/ssa-460466.html • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-41665 – Phoenix Contact: DoS of the PLC due to incorrect default permissions possible
https://notcve.org/view.php?id=CVE-2025-41665
08 Jul 2025 — An low privileged remote attacker can enforce the watchdog of the affected devices to reboot the PLC due to incorrect default permissions of a config file. • https://certvde.com/en/advisories/VDE-2025-054 • CWE-276: Incorrect Default Permissions •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24004 – USB-C Buffer Overflow via Display Interface in EV Charging Stations
https://notcve.org/view.php?id=CVE-2025-24004
08 Jul 2025 — A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary denial-of-service for the stations until they got restarted by the watchdog. • https://certvde.com/de/advisories/VDE-2025-014 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-24003 – MQTT OOB Write Vulnerability in EichrechtAgents of German EV Charging Stations
https://notcve.org/view.php?id=CVE-2025-24003
08 Jul 2025 — An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only EichrechtAgents and potential denial-of-service for these stations. • https://certvde.com/en/advisories/VDE-2025-014 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •