16 matches found
CVE-2026-46625 vulnerabilities
Vulnerabilities for packages: saf...
CVE-2026-46625
creationtimestamp| type| source
---|---|---
2026-05-16 05:48:24+00:00| published-proof-of-concept| https://github.com/js-cookie/js-cookie/security/advisories/GHSA-qjx8-664m-686j...
EUVD-2025-46625
Malicious code in lina-buburayam97-sukiwir npm...
CVE-2021-46625
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handli...
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
creationtimestamp| type| source
---|---|---
2025-05-01 22:01:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo5cpttur72p
2025-05-01 23:12:36+00:00| seen| https://t.me/cvedetector/24268
2025-05-02 14:15:54+00:00| published-proof-of-concept|...
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
Lack of input validation/sanitization in the 'setLanCfg' API endpoint in httpd in the Tenda RX2 Pro 16.03.30.14 allows a remote attacker that is authorized to the web management portal to gain root shell access to the device by sending a crafted web request. This is persistent because the command...
CVE-2025-46625
The CVE concerns the Tenda RX2 Pro (firmware 16.03.30.14) where lack of input validation/sanitization in the httpd setLanCfg API enables an authorized attacker to achieve root shell access via a crafted request. The vulnerability is persisted because the command injection is saved in the device c...
CVE-2024-46625
creationtimestamp| type| source
---|---|---
2024-12-03 22:09:08+00:00| seen| https://infosec.exchange/users/cve/statuses/113591173004315447
2024-12-04 00:01:30+00:00| seen| https://t.me/cvedetector/11921...
CVE-2024-46625
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file...
CVE-2023-46625
CVE-2023-46625 is a CSRF vulnerability in the DAEXT Autolinks Manager WordPress plugin, affecting versions
CVE-2023-46625 WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions...
CVE-2021-46625
creationtimestamp| type| source
---|---|---
2022-02-18 22:40:31+00:00| seen| https://t.me/cibsecurity/37753...
CVE-2021-46625
Bentley View 10.15.0.75 is affected by CVE-2021-46625 (JT file parsing) due to a double-free/invalid-free condition in object handling that allows code execution. Exploitation requires user interaction (open a malicious file/page). Root cause: lack of validating object existence before freeing. M...