Fortinet FortiOS Out-of-Bounds Read Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from the American company Fortinet. The system provides users with firewall, antivirus, IPSec/SSL VPN, web content filtering, anti-spam and other security features. An out-of-bounds read vulnerabili...
FreeScout String Formatting Vulnerability
FreeScout is an open source helpdesk system built on the PHP Laravel framework, designed to provide users with functionality similar to Zendesk or Help Scout, but without sacrificing privacy or freedom. FreeScout suffers from a string formatting vulnerability that stems from insufficient validati...
FreeFloat FTP Server Buffer Overflow Vulnerability (CNVD-2025-14376)
FreeFloat FTP Server is an FTP service from FreeFloat. A buffer overflow vulnerability exists in FreeFloat FTP Server, which stems from the XCWD Command Handler component failing to properly validate the length and size of input data. No details of the vulnerability are provided at this time...
Tenda AC8 /goform/WifiExtraSet File Buffer Overflow Vulnerability
Tenda AC8 is a wireless router from Tenda, a Chinese company. Tenda AC8 suffers from a buffer overflow vulnerability, which originates from the parameter wpapskcrypto in the file /goform/WifiExtraSet that fails to correctly validate the length and size of the input data, which can be exploited by...
The vulnerability of the “Sotbit: Multiregionality” plugin, which stems from insufficient validation of input data, allows attackers to execute arbitrary code.
The vulnerability of the “Sotbit: Multiregionality” plugin is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
TOTOLINK X15 Security Vulnerability
TOTOLINK X15 is a network wireless extender from China's Gion Electronics TOTOLINK. The TOTOLINK X15 suffers from a buffer overflow vulnerability, which originates from the failure of the parameter submit-url in the file /boafrm/formDMZ to correctly validate the length and size of the input data,...
SUSE CVE-2025-24015
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the...
CVE-2025-25020
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input...
The vulnerability of the gfs2 component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the gfs2 component in Linux operating systems is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a system failure...
CVE-2025-1051
Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-48489
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...
CVE-2025-48875
CVE-2025-48875 affects FreeScout prior to version 1.8.181, where incorrect validation of last_name and first_name during profile data updates enables injection of arbitrary JavaScript. The attacker could trigger XSS when the affected data is deleted (described as a flesh-message in some sources)....
CVE-2025-48489
CVE-2025-48489 affects FreeScout (PHP/Laravel) prior to version 1.8.180. The issue is a Cross-Site Scripting (XSS) vulnerability caused by insufficient data validation and sanitization during data reception. Evidence across multiple sources confirms the vulnerability and notes that it has been pa...
CVE-2025-48489 FreeScout Vulnerable to Stored XSS
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to insufficient data validation and sanitization during data reception. This issue has been patched in version 1.8.180...
The vulnerability of VideoGrace video conference software, related to insufficient validation of input data, allows an intruder to trigger a service failure.
The vulnerability of VideoGrace video conferencing software is related to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures by sending specially crafted requests...
Planet FW-WGS-804HPT web_acl_mgmt_Rules_Edit_postcontains function buffer overflow vulnerability
Planet FW-WGS-804HPT is a wall-mounted managed switch from China's PLANET. The Planet FW-WGS-804HPT suffers from a buffer overflow vulnerability that originates from the failure of the byruleEditName parameter in the web_acl_mgmt_Rules_Edit_postcontains function to correctly validate the length and size...
Fedora: Security Advisory (FEDORA-2025-8fbc37e703)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-eab322e215)
The remote host is missing an update for the...
CVE-2024-47962
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can manipulate an insider to visit a malicious page or file to leverage this vulnerability to execute code in the context of the current...
CVE-2024-7256
Insufficient data validation in Dawn in Google Chrome on Android prior to 127.0.6533.88 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...