
673 matches found

Amazon
added 2025/04/16 12:00 a.m., 3 views

Low: edk2

Issue Overview: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. CVE-2025-2295. Affected Packages: edk2. Note: This advisory is applicable to Amazon Linux 2...

CVSS 3.5, AI score 6.8, EPSS 0.00041
Exploits 0

OSV
added 2025/04/15 9:15 p.m., 2 views

AZL-62086 CVE-2025-30695 affecting package mysql for versions less than 8.0.42-1

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 5.5, AI score 7, EPSS 0.0005
Exploits 0, References 1

RedhatCVE
added 2025/04/15 7:15 p.m., 5 views

CVE-2025-3538

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within th...

CVSS 8.8, AI score 7, EPSS 0.08519
Exploits 1, References 1

Cvelist
added 2025/04/14 1:31 a.m., 16 views

CVE-2025-3546 H3C Magic BE18000 HTTP POST Request getLanguage FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POS...

CVSS 8.6, EPSS 0.00488
Exploits 0, References 6

CVE
added 2025/04/14 1:00 a.m., 73 views

CVE-2025-3545

The CVE-2025-3545 vulnerability affects H3C Magic NX15, NX30 Pro, NX400, R3010 and BE18000 up to V100R014. The flaw is in FCGI_CheckStringIfContainsSemicolon within the /api/wizard/setLanguage HTTP POST Request Handler, enabling command injection from within the local network. Multiple sources co...

CVSS 8.6, AI score 8.2, EPSS 0.00513
Exploits 0, References 6

NVD
added 2025/04/14 12:15 a.m., 13 views

CVE-2025-3542

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...

CVSS 8.6, EPSS 0.00513
Exploits 0, References 6

Vulnrichment
added 2025/04/13 11:31 p.m., 11 views

CVE-2025-3542 H3C Magic NX15/Magic NX400/Magic R3010 HTTP POST Request getsyncpppoecfg FCGI_WizardProtoProcess command injection

A vulnerability, which was classified as critical, was found in H3C Magic NX15, Magic NX400 and Magic R3010 up to V100R014. This affects the function FCGI_WizardProtoProcess of the file /api/wizard/getsyncpppoecfg of the component HTTP POST Request Handler. The manipulation leads to command...

CVSS 8.6, AI score 8.2, EPSS 0.00513
Exploits 0, References 6

NVD
added 2025/04/13 11:15 p.m., 18 views

CVE-2025-3541

A vulnerability, which was classified as critical, has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400 and Magic R3010 up to V100R014. Affected by this issue is the function FCGI_WizardProtoProcess of the file /api/wizard/getSpecs of the component HTTP POST Request Handler. The...

CVSS 8.6, EPSS 0.00513
Exploits 0, References 6

CVE
added 2025/04/13 11:00 p.m., 68 views

CVE-2025-3541

The CVE-2025-3541 issue affects H3C Magic NX15, NX30 Pro, NX400, and R3010 up to V100R014. The vulnerability resides in the FCGI_WizardProtoProcess function of /api/wizard/getSpecs (HTTP POST Request Handler). Exploitation leads to command injection and requires access from the local network. Mul...

CVSS 8.6, AI score 8.1, EPSS 0.00513
Exploits 0, References 6

Cvelist
added 2025/04/13 10:00 p.m., 22 views

CVE-2025-3539 H3C Magic BE18000 HTTP POST Request getBasicInfo FCGI_CheckStringIfContainsSemicolon command injection

A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The...

CVSS 8.6, EPSS 0.00513
Exploits 0, References 6

Vulnrichment
added 2025/04/13 6:31 p.m., 7 views

CVE-2025-3538 D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow

A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within th...

CVSS 8.8, AI score 8.7, EPSS 0.08519
Exploits 1, References 5

Debian CVE
added 2025/04/07 5:18 p.m., 7 views

CVE-2024-38797

EDK2 contains a vulnerability in the HashPeImageByType. A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability...

CVSS 4.6, AI score 5.8, EPSS 0.00047
Exploits 0

RedhatCVE
added 2025/04/01 8:28 p.m., 6 views

CVE-2025-2958

A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done...

CVSS 7.1, AI score 6.9, EPSS 0.00365
Exploits 1, References 1

RedhatCVE
added 2025/04/01 7:34 p.m., 9 views

CVE-2025-2957

A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be initiated within the loca...

CVSS 7.1, AI score 6.9, EPSS 0.00132
Exploits 0, References 1

RedhatCVE
added 2025/04/01 6:28 p.m., 10 views

CVE-2025-2956

A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0 /1.0.8.S0 and classified as problematic. This issue affects the function pluginscallhandleuriraw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack can only be...

CVSS 7.1, AI score 6.9, EPSS 0.00132
Exploits 0, References 1

Microsoft CVE
added 2025/03/31 7:00 a.m., 24 views

Azure Health Bot Elevation of Privilege Vulnerability

An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network...

CVSS 8.8, AI score 6.8, EPSS 0.01451
Exploits 0

OSV
added 2025/03/30 9:15 p.m., 2 views

CVE-2025-2959

A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated with...

CVSS 7.1, AI score 4.6, EPSS 0.00275
Exploits 1, References 5

NVD
added 2025/03/30 9:15 p.m., 7 views

CVE-2025-2959

A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference. The attack needs to be initiated with...

CVSS 7.1, EPSS 0.00275
Exploits 1, References 5

CVE
added 2025/03/30 8:31 p.m., 61 views

CVE-2025-2959

TRENDnet TEW-410APB 1.3.06b is affected by CVE-2025-2959. The vulnerability targets the HTTP Request Handler in /usr/sbin/httpd, specifically the function sub_4019A0, where a null pointer dereference is triggered. Impact is availability-related (HIGH) with adjacent network access required and no ...

CVSS 7.1, AI score 6.8, EPSS 0.00275
Exploits 1, References 5, Affected Software 1

Cvelist
added 2025/03/30 8:00 p.m., 13 views

CVE-2025-2958 TRENDnet TEW-818DRU HTTP Request httpd denial of service

A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service. The attack needs to be done...

CVSS 7.1, EPSS 0.00365
Exploits 1, References 5