67 matches found

CVE
added 2026/02/12 7:57 p.m. | 12 views

CVE-2026-25933

The vulnerability CVE-2026-25933 affects Arduino App Lab prior to 0.4.0. The Terminal component fails to sanitize/validate _info.Serial and _info.Address data from connected hardware, allowing specially crafted strings to execute as the user when a tampered board is used. Exploitation requires ph...

CVSS 6.8 | AI score 5.4 | EPSS 0.00151
Exploits: 0 | References: 2 | Affected Software: 1
NVD
added 2026/02/07 12:15 a.m. | 9 views

CVE-2020-37095

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

CVSS 9.8 | EPSS 0.0067
Exploits: 0 | References: 3
Vulnrichment
added 2026/02/06 11:14 p.m. | 2 views

CVE-2020-37095 Cyberoam Authentication Client 2.1.2.7 - Buffer Overflow (SEH)

Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler SEH memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell o...

CVSS 9.8 | AI score 6.5 | EPSS 0.0067
Exploits: 0 | References: 3
CNNVD
added 2026/01/29 12:0 a.m. | 7 views

QlikView security vulnerabilities

QlikView is a business intelligence and data visualization analysis software developed by the American company QlikView Corporation. Version QlikView 12.50.20000.0 contains a security vulnerability. This vulnerability stems from a denial-of-service vulnerability in the FTP server address input...

CVSS 6.2 | AI score 5.8 | EPSS 0.00167
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/28 12:0 a.m. | 12 views

PT-2026-5157

docPrint Pro 8.0 contains a local buffer overflow vulnerability in the 'Add URL' input field that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload that triggers a structured exception handler SEH overwrite to execute shellcode and gain remo...

CVSS 8.4 | AI score 6.4 | EPSS 0.00149
Exploits: 0 | References: 4
CNVD
added 2026/01/19 12:0 a.m. | 3 views

Tenda AX-3 fromAdvSetMacMtuWan Function Stack Buffer Overflow Vulnerability

Tenda AX-3 is a home smart wireless router from Tenda that supports Wi-Fi6 802.11ax standard for home networking environment. The Tenda AX-3 suffers from a stack buffer overflow vulnerability, which stems from the mac2 parameter in the fromAdvSetMacMtuWan function failing to correctly validate th...

CVSS 7.5 | AI score 6.1 | EPSS 0.00384
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 12:29 p.m. | 5 views

CVE-2023-40847

Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01.bin is vulnerable to Buffer Overflow via the function "initIpAddrInfo." In the function, it reads in a user-provided parameter, and the variable is passed to the function without any length check...

CVSS 9.8 | AI score 7.2 | EPSS 0.0057
Exploits: 0 | References: 1
OSV
added 2025/12/31 1:15 a.m. | 9 views

AZL-73335 CVE-2025-11961 affecting package libpcap for versions less than 1.10.6-1

pcapetheraton is an auxiliary function in libpcap, it takes a string argument and returns a fixed-size allocated buffer. The string argument must be a well-formed MAC-48 address in one of the supported formats, but this requirement has been poorly documented. If an application calls the function...

CVSS 1.9 | AI score 5.6 | EPSS 0.00098
Exploits: 0 | References: 1
Positive Technologies
added 2025/11/13 12:0 a.m. | 6 views

PT-2025-46848

A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619 B20230130 and NR1800X V9.1.0u.6681 B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stac...

AI score 8.2 | EPSS 0.00531
Exploits: 1 | References: 4
CVE
added 2025/11/13 12:0 a.m. | 10 views

CVE-2025-60688

The CVE-2025-60688 issue affects ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) router firmware. In the cstecgi.cgi binary (setDefResponse function), the IpAddress parameter from a web request is copied into a fixed-size stack buffer with strcpy() without length v...

CVSS 6.5 | AI score 7.9 | EPSS 0.00531
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2025/10/08 3:16 p.m. | 6 views

CVE-2025-60313

Sourcecodester Link Status Checker 1.0 is vulnerable to a Cross-Site Scripting XSS in the Enter URLs to check input field. This allows a remote attacker to execute arbitrary code...

CVSS 6.1 | EPSS 0.00331
Exploits: 1 | References: 2
Snyk
added 2025/09/29 4:28 p.m. | 4 views

Arbitrary Argument Injection

Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via improper handling of the mail.Address value. An attacker can manipulate email routing or inject unauthorized SMTP parameters by supplying specially crafted email addresses. Note: This is only exploitable...

CVSS 9.1 | AI score 6.9 | EPSS 0.00505
Exploits: 1 | References: 2
OSV
added 2025/09/29 9:15 a.m. | 4 views

CVE-2025-10345

HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'address' at the endpoint 'admin/leads/lead'...

CVSS 6.1 | AI score 5.8 | EPSS 0.00221
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/28 12:0 a.m. | 5 views

PT-2025-39758

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the processing of the /goform/diag traceroute file within D-Link DIR-823X version 250416. Manipulation of the target addr argument can lead to command injection, allowing for remote...

CVSS 8.8 | AI score 6.5 | EPSS 0.04125
Exploits: 1 | References: 10
Snyk
added 2025/09/09 9:30 p.m. | 2 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the search bar portlet when user-supplied input in the URL is not properly sanitized. An attacker can execute arbitrary web scripts in the context of the user's browser by tricking a user into clicking a...

CVSS 6.1 | AI score 5.3 | EPSS 0.00216
Exploits: 0 | References: 2
Cvelist
added 2025/09/03 5:17 a.m. | 11 views

CVE-2023-21481

Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information...

CVSS 5.4 | EPSS 0.00274
Exploits: 0 | References: 1
CNNVD
added 2025/09/03 12:0 a.m. | 6 views

SAMSUNG Account security vulnerability

SAMSUNG Account is an account management software from Samsung South Korea. A security vulnerability exists in SAMSUNG Account versions prior to 14.1.0.0 that stems from improper URL input validation, which could allow a remote attacker to obtain sensitive information...

CVSS 7.5 | AI score 6.5 | EPSS 0.00274
Exploits: 0 | References: 1
NVD
added 2025/09/01 8:15 a.m. | 4 views

CVE-2025-9769

A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub478D28 of the file /mngplatform.asp. The manipulation of the argument addr with the input echo 12345 poc.txt results in command injection. An attack on the physical device is feasible. The exploit has...

CVSS 6.2 | EPSS 0.25875
Exploits: 1 | References: 6
Cvelist
added 2025/09/01 8:2 a.m. | 14 views

CVE-2025-9769 D-Link DI-7400G+ mng_platform.asp sub_478D28 command injection

A security flaw has been discovered in D-Link DI-7400G+ 19.12.25A1. Affected is the function sub478D28 of the file /mngplatform.asp. The manipulation of the argument addr with the input echo 12345 poc.txt results in command injection. An attack on the physical device is feasible. The exploit has...

CVSS 4.3 | EPSS 0.25875
Exploits: 1 | References: 6
RedhatCVE
added 2025/05/23 8:1 a.m. | 7 views

CVE-2024-6469

A vulnerability was found in playSMS 1.4.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php?app=main=featurefirewall=firewalllist of the component Template Handler. The manipulation of the argument IP address with the input id...

CVSS 8.8 | AI score 7.2 | EPSS 0.00736
Exploits: 1 | References: 1