CVE-2025-6113

A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been...

The vulnerability of the fromadvsetlanip() function (/goform/AdvSetLanip) in the Tenda AC7 router software allows a hacker to trigger a service failure.

The vulnerability of the fromadvsetlanip function /goform/AdvSetLanip of the Tenda AC7 router’s microprogramming software is related to the copying of buffers without checking the size of the input data during the processing of the lanMask parameter. Exploiting this vulnerability could allow an...

CVE-2025-5861

A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has bee...

CVE-2025-5851

A vulnerability was found in Tenda AC15 15.03.05.19multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be...

Tenda AC7 安全漏洞

Tenda AC7 is a wireless router from Tenda, a Chinese company. Tenda AC7 suffers from a buffer overflow vulnerability, which originates from the parameter lanMask in the file /goform/AdvSetLanip that fails to correctly validate the length and size of the input data, which can be exploited by an...

CVE-2025-5839

A vulnerability, which was classified as critical, has been found in Tenda AC9 15.03.02.13. Affected by this issue is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack m...

CVE-2025-5795

A vulnerability, which was classified as critical, was found in Tenda AC5 1.0/15.03.06.47. This affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has...

Tenda AC18 安全漏洞

The Tenda AC18 is a router from the Chinese company Tenda. A buffer overflow vulnerability exists in the Tenda AC18 /goform/AdvSetLanip handling lanMask parameter, which can be exploited by a remote attacker to submit a special request that can be used to execute arbitrary code in the application...

PT-2025-37201

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to RDMA and the hfi1 driver. A divide-by-zero error could occur within the find hw thread mask function due to a division operation where the...

CVE-2023-22388

Memory Corruption in Multi-mode Call Processor while processing bit mask API...

CVE-2022-28896

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1FW130B06 allows attackers to escalate privileges to root via a crafted payload...

Vulnerability of the cgidhcpsCfgSet() function (Program:/bin/httpd) in Tenda W12 and i24 router microsoftware, allowing a hacker to execute arbitrary code

The vulnerability of the cgidhcpsCfgSet function Program:/bin/httpd in the Tenda W12 and i24 router microprogramming systems is related to buffer overflow in the stack. Exploiting this vulnerability could allow an attacker to execute arbitrary code when processing parameters such as startIp, endI...

CVE-2022-1203

The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog optio...

CVE-2022-29043

Jenkins Mask Passwords Plugin 3.0 and earlier does not escape the name and description of Non-Stored Password parameters on views displaying parameters, resulting in a stored cross-site scripting XSS vulnerability exploitable by attackers with Item/Configure permission...

CVE-2019-10407

Jenkins Project Inheritance Plugin 2.0.0 and earlier displayed a list of environment variables passed to a build without masking sensitive variables contributed by the Mask Passwords Plugin...

CVE-2025-48235

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through = 3.1.2...

SafeKey: Amplifying Aha-Moment Insights for Safety Reasoning

Large Reasoning Models LRMs introduce a new generation paradigm of explicitly reasoning before answering, leading to remarkable improvements in complex tasks. However, they pose great safety risks against harmful queries and adversarial attacks. While recent mainstream safety efforts on LRMs,...

CVE-2025-48235

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through = 3.1.2...

CVE-2025-48235

CVE-2025-48235 relates to a DOM-based XSS in the WP Image Mask WordPress plugin (

CVE-2025-48235 WordPress WP Image Mask plugin <= 3.1.2 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Bogdan Bendziukov WP Image Mask wp-image-mask allows DOM-Based XSS.This issue affects WP Image Mask: from n/a through = 3.1.2...