CVE-2025-8961 LibTIFF tiffcrop tiffcrop.c main memory corruption

A weakness has been identified in LibTIFF 4.7.0. This affects the function main of the file tiffcrop.c of the component tiffcrop. Executing manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to the public and could be exploited...

CVE-2025-8937

CVE-2025-8937 affects TOTOLINK N350R, specifically the component/file at /boafrm/formSysCmd. The documented issue is a command injection vulnerability in unknown code, exploitable remotely, with exploit publicly disclosed. The primary affected device is TOTOLINK N350R version 1.2.3-B20130826. Sev...

CVE-2025-8907

The CVE-2025-8907 entry concerns H3C M2 NAS V100R006, where the Webserver Configuration component is implicated. The vulnerability is described as allowing execution with unnecessary privileges via local manipulation, with attack complexity rated high and requiring local access. Vendor notes indi...

CVE-2025-8844

A vulnerability was determined in NASM Netwide Assember 2.17rc0. This vulnerability affects the function parsesmacrotemplate of the file preproc.c. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used...

CVE-2025-8831

A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the...

CVE-2025-8845

The CVE-2025-8845 vulnerability affects NASM Netwide Assembler 2.17rc0, specifically the assemble_file function in nasm.c. The issue is a stack-based buffer overflow that can be triggered from local execution, and the exploit has been disclosed publicly. The connected documents provide concrete d...

CVE-2025-8843 NASM Netwide Assember outmacho.c macho_no_dead_strip heap-based overflow

A vulnerability was found in NASM Netwide Assember 2.17rc0. This affects the function machonodeadstrip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used...

CVE-2025-8841

A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be...

CVE-2025-8839

A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may b...

CVE-2025-8811

CVE-2025-8811 affects Simple Art Gallery 1.0 (Code-Projects). The vulnerability is a SQL injection in the /Admin/registration.php file, triggered by manipulating the fname argument. It is remotely exploitable and has been publicly disclosed. Multiple sources classify the issue as critical with hi...

CVE-2025-8807 xujeff tianti 天梯 save authorization

A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed...

CVE-2025-8806

A vulnerability was found in zhilink 智互联深圳科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate...

CVE-2025-8705

A vulnerability, which was classified as critical, was found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. Affected is an unknown function of the file /WEASHomePage/GetTargetConfig of the component Energy Overview Module. The manipulation of the argument BPProID leads to sql...

PT-2025-32478 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.5 Description: A vulnerability has been identified in Open5GS, classified as problematic. The vulnerability affects the ngap build downlink nas transport function within the AMF component. Manipulation of this...

CVE-2025-8765 Datacom DM955 5GT 1200 Wireless Basic Settings cross site scripting

A vulnerability classified as problematic was found in Datacom DM955 5GT 1200 825.8010.00. Affected by this vulnerability is an unknown functionality of the component Wireless Basic Settings. The manipulation of the argument SSID leads to cross site scripting. The attack can be launched remotely...

CVE-2025-8753 linlinjava litemall File delete path traversal

A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be...

CVE-2025-8746

A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function strstrsse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue w...

CVE-2025-8736 GNU cflow Lexer c.c yylex buffer overflow

A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclose...

CVE-2025-8733

REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Additional analysis indicates that the files referenced in the stack trace do not exist in Bison...

CVE-2025-8732 libxml2 xmlcatalog xmlParseSGMLCatalog recursion

A vulnerability was found in libxml2 up to 2.14.5. It has been declared as problematic. This vulnerability affects the function xmlParseSGMLCatalog of the component xmlcatalog. The manipulation leads to uncontrolled recursion. Attacking locally is a requirement. The exploit has been disclosed to...