896 matches found
CVE-2025-3254 xujiangfei admintwo add server-side request forgery
A vulnerability was found in xujiangfei admintwo 1.0. It has been classified as critical. Affected is an unknown function of the file /resource/add. The manipulation of the argument description leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-3017 TA-Lib ta_regtest test_minmax.c setInputBuffer out-of-bounds write
A vulnerability, which was classified as critical, has been found in TA-Lib up to 0.6.4. This issue affects the function setInputBuffer of the file src/tools/taregtest/tatestfunc/testminmax.c of the component taregtest. The manipulation leads to out-of-bounds write. It is possible to launch the...
CVE-2025-2994 Tenda FH1202 Web Management Interface qossetting access control
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14408. This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The...
CVE-2025-2956 TRENDnet TI-G102i HTTP Request lighttpd plugins_call_handle_uri_raw null pointer dereference
A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0 /1.0.8.S0 and classified as problematic. This issue affects the function pluginscallhandleuriraw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be...
CVE-2025-2926
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
CVE-2025-2926 HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5Ocachechkserialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public a...
CVE-2025-2913
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed...
CVE-2025-2913
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FLblkgclist of the file src/H5FL.c. The manipulation of the argument H5FLblkheadt leads to use after free. An attack has to be approached locally. The exploit has been disclosed...
DEBIAN-CVE-2025-2310
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MMstrndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and...
DEBIAN-CVE-2025-2309
A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5Tbitcopy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclos...
CVE-2025-2123 GeSHi CSS cssgen.php get_var cross site scripting
A vulnerability, which was classified as problematic, has been found in GeSHi up to 1.0.9.1. Affected by this issue is the function getvar of the file /contrib/cssgen.php of the component CSS Handler. The manipulation of the argument...
CVE-2025-2061 code-projects Online Ticket Reservation System passenger.php cross site scripting
A vulnerability was found in code-projects Online Ticket Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /passenger.php. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The...
CVE-2025-1806 Eastnets PaymentSafe URL Default.aspx improper authorization
A vulnerability, which was classified as problematic, has been found in Eastnets PaymentSafe 2.5.26.0. Affected by this issue is some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely...
UBUNTU-CVE-2025-1632
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the publi...
CVE-2025-1632 libarchive bsdunzip.c list null pointer dereference
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the publi...
CVE-2025-1378
CVE-2025-1378 affects radare2 (library /libr/main/rasm2.c in the rasm2 component). The vulnerability is a local memory corruption in an unknown function, with exploitation requiring local access; the exploit has been disclosed publicly. A fix is available in radare2 6.0.0 (patch c6c772d2eab692ce7...
CVE-2025-1186
Dayrui XunRuiCMS (versions up to 4.6.4) contains a deserialization vulnerability in the /Control/Api/Api.php file triggered by manipulating the thumb parameter. This remote, publicly disclosed issue has been rated critical in multiple sources. The exact root cause is not detailed beyond the thumb...
CVE-2025-0559 Campcodes School Management Software Create Id Card Page create-id-card cross site scripting
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site...
CVE-2025-0398
A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The...
CVE-2025-0221 IOBit Protected Folder IOCTL pffilter.sys 0x22200c null pointer dereference
A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached...