CVE-2025-14994 Tenda FH1201/FH1206 HTTP Request webtypelibrary strcat stack-based overflow

A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14408/1.2.0.88155. This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried...

CVE-2025-14994 Tenda FH1201/FH1206 HTTP Request webtypelibrary strcat stack-based overflow

A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14408/1.2.0.88155. This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried...

CVE-2025-14992 Tenda AC18 HTTP Request GetParentControlInfo strcpy stack-based overflow

A security vulnerability has been detected in Tenda AC18 15.03.05.05. The impacted element is the function strcpy of the file /goform/GetParentControlInfo of the component HTTP Request Handler. The manipulation of the argument mac leads to stack-based buffer overflow. Remote exploitation of the...

Tenda AC18 安全漏洞

Tenda AC18 is a router from Tenda China. A security vulnerability exists in Tenda AC18 version 15.03.05.05, which originates from an improper handling of the parameter mac in the strcpy function of the file /goform/GetParentControlInfo in the component HTTP Request Handler, which may result in a...

BIT-KIBANA-2025-68389 Kibana Allocation of Resources Without Limits or Throttling

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 of computing resources and a denial of service DoS of the Kibana process via a crafted HTTP request...

CVE-2025-12874

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

CVE-2025-12874 HTTP Request Smuggling in Quest Coexistence Manager for Notes

Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding CL.TE attack vector. This could allow an attacker to bypass access...

Security update for netty

This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRLF injection through a request URI and can lead to request smuggling bsc1255048. Other updates and bugfixes:...

SUSE-SU-2025:4489-1 Security update for netty

This update for netty fixes the following issues: Update to upstream version 4.1.130. Security issues fixed: - CVE-2025-67735: lack of URI sanitization in HttpRequestEncoder allows for CRLF injection through a request URI and can lead to request smuggling bsc1255048. Other updates and bugfixes: -...

CVE-2025-68386

Improper Authorization CWE-285 in Kibana can lead to privilege escalation CAPEC-233 by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible to everyone in the space via a crafted a HTTP request...

CVE-2025-14879

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssidindex causes stack-based buffer overflow. It is possible to initiate the attack remotely. The explo...

CVE-2025-14879 Tenda WH450 HTTP Request onSSIDChange stack-based overflow

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssidindex causes stack-based buffer overflow. It is possible to initiate the attack remotely. The explo...

CVE-2025-14879

CVE-2025-14879 affects Tenda WH450 v1.0.0.18. The vulnerability is in the HTTP Request Handler’s /goform/onSSIDChange function, where manipulating the ssid_index argument leads to a stack-based buffer overflow. It enables remote initiation and exploitation, with public PoC/reference material avai...

CVE-2025-14878

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVE-2025-14878 Tenda WH450 HTTP Request wirelessRestart stack-based overflow

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVE-2025-14878 Tenda WH450 HTTP Request wirelessRestart stack-based overflow

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit...

PT-2025-52369

Allocation of Resources Without Limits or Throttling CWE-770 in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 of computing resources and a denial of service DoS of the Kibana process via a crafted HTTP request...

CVE-2025-20393

A vulnerability in the Spam Quarantine feature of Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager could allow an unauthenticated, remote attacker to execute arbitrary system commands on an affected device with root privileges. This vulnerability is due...

SUSE CVE-2025-67735

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the io.netty.handler.codec.http.HttpRequestEncoder has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when HttpRequestEncod...