67 matches found
CVE-2026-25933
The vulnerability CVE-2026-25933 affects Arduino App Lab prior to 0.4.0. The Terminal component fails to sanitize/validate _info.Serial and _info.Address data from connected hardware, allowing specially crafted strings to execute as the user when a tampered board is used. Exploitation requires ph...
CVE-2020-37095
Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...
CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)
Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...
QlikView security vulnerabilities
QlikView is a business intelligence and data visualization analysis software developed by the American company QlikView Corporation. Version QlikView 12.50.20000.0 contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the FTP server address input...
PT-2026-5157
docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler SEH overwrite to execute shellcode and gain remo...
Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability
Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the mac2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate th...
CVE-2023-40847
Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check...
AZL-73335 CVE-2025-11961 affecting package libpcap for versions less than 1.10.6-1
pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...
PT-2025-46848
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619 B20230130 and NR1800X V9.1.0u.6681 B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stac...
CVE-2025-60688
The CVE-2025-60688 issue affects ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) router firmware. In the cstecgi.cgi binary (setDefResponse function), the IpAddress parameter from a web request is copied into a fixed-size stack buffer with strcpy() without length v...
CVE-2025-60313
Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting XSS in the Enter URLs to check input field. This allows a remote attacker to execute arbitrary code...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of the mail.Address value. An attacker can manipulate email routing or inject unauthorized SMTP parameters by supplying specially crafted email addresses. Note: This is only exploitable...
CVE-2025-10345
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'...
PT-2025-39758
Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the processing of the /goform/diag traceroute file within D-Link DIR-823X version 250416. Manipulation of the target addr argument can lead to command injection, allowing for remote...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search bar portlet when user-supplied input in the URL is not properly sanitized. An attacker can execute arbitrary web scripts in the context of the user's browser by tricking a user into clicking a...
CVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information...
SAMSUNG Account 安全漏洞
SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 14.1.0.0 that stems from improper URL input validation, which could allow a remote attacker to obtain sensitive information...
CVE-2025-9769
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub478D28 of the file /mngplatform.asp. The manipulation of the argument addr with the input echo 12345 poc.txt results in command injection. An attack on the physical device is feasible. The exploit has...
CVE-2025-9769 D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection
A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub478D28 of the file /mngplatform.asp. The manipulation of the argument addr with the input echo 12345 poc.txt results in command injection. An attack on the physical device is feasible. The exploit has...
CVE-2024-6469
A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main=featurefirewall=firewalllist of the component Template Handler. The manipulation of the argument IP address with the input id...