
110 matches found

Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24386 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 multi Description: A critical issue affects the fromadvsetlanip function of the /goform/AdvSetLanip file in the HTTP POST Request Handler component. The manipulation of the lanMask argument leads to a buffer...

CVSS 9 · AI score 8.8 · EPSS 0.00759
Exploits 1 · References 13

Positive Technologies
added 2025/06/04 12:0 a.m. · 3 views

PT-2025-23821 · Cisco · Cisco Imc

Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller IMC for Cisco UCS B-Series, UCS C-Series, UCS S-Series, and UCS X-Series Servers affected versions not specified Description: A vulnerability in the SSH connection handling could allow an authenticated,...

CVSS 9 · AI score 6.1 · EPSS 0.00381
Exploits 0 · References 7

Positive Technologies
added 2025/05/26 12:0 a.m. · 4 views

PT-2025-22913 · Llisoft · Llisoft Mta Maita Training System

Name of the Vulnerable Software and Affected Versions: llisoft MTA Maita Training System version 4.5 Description: A critical issue has been found in the this.fileService.download function of the file comllisoftcontrollerOpenController.java. The manipulation of the url argument leads to unrestrict...

CVSS 9.8 · AI score 6.2 · EPSS 0.00416
Exploits 1 · References 9

RedhatCVE
added 2025/05/23 7:51 a.m. · 5 views

CVE-2024-11655

A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This vulnerability affects unknown code of the file /admin/network/diagpinginterface. The manipulation of the argument diagping leads to command injection. The attack can be initiated...

CVSS 7.2 · AI score 7.5 · EPSS 0.27489
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 7:35 a.m. · 6 views

CVE-2024-13106

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched...

CVSS 6.9 · AI score 5.3 · EPSS 0.29501
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 6:56 a.m. · 5 views

CVE-2024-13108

A vulnerability was found in D-Link DIR-816 A2 1.10CNB05R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been...

CVSS 6.9 · AI score 5.4 · EPSS 0.0097
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 8:8 p.m. · 6 views

CVE-2021-38154

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...

CVSS 7.5 · AI score 6.7 · EPSS 0.04095
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 9:5 a.m. · 7 views

CVE-2011-4698

The AndroidAppTools Easy Filter com.phoneblocker.android application 1.1 and 1.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and call records via a crafted application...

CVSS 6.4 · AI score 6.9 · EPSS 0.01141
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 4:16 a.m. · 8 views

CVE-2012-6432

Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the internal routes configuration is enabled, allows remote attackers to access arbitrary services via vectors involving a URI beginning with a /internal substring...

CVSS 6.8 · AI score 7 · EPSS 0.01173
Exploits 0 · References 1

RedhatCVE
added 2025/05/21 12:20 a.m. · 19 views

CVE-2025-4902

A vulnerability, which was classified as problematic, has been found in D-Link DI-7003GV2 24.04.18D1 R68125. Affected by this issue is the function sub48F4F0 of the file /H5/versionupdate.data. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has...

CVSS 7.5 · AI score 6.5 · EPSS 0.07823
Exploits 1

Vulnrichment
added 2025/05/15 6:31 p.m. · 7 views

CVE-2025-4713 Campcodes Sales and Inventory System print.php sql injection

A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/print.php. The manipulation of the argument sid leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 7.5 · AI score 7.5 · EPSS 0.00525
Exploits 1 · References 5

Vulnrichment
added 2025/05/05 2:49 a.m. · 12 views

CVE-2025-20667

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

AI score 7.1 · EPSS 0.00375
Exploits 0 · References 1

Positive Technologies
added 2025/05/01 12:0 a.m. · 3 views

PT-2025-18704 · Tenda · Tenda Rx2 Pro

Name of the Vulnerable Software and Affected Versions: Tenda RX2 Pro version 16.03.30.14 Description: The issue is related to inadequate access controls in the web management portal, allowing an unauthenticated remote attacker to enable ate, a remote system management binary, by sending a...

CVSS 6.5 · AI score 6.5 · EPSS 0.00348
Exploits 1 · References 8

Positive Technologies
added 2025/04/18 12:0 a.m. · 3 views

PT-2025-17288

Name of the Vulnerable Software and Affected Versions ASUS AiCloud affected versions not specified Description A critical authentication control issue exists in ASUS AiCloud, potentially allowing attackers to bypass authentication and execute unauthorized functions on affected devices remotely. T...

CVSS 9.7 · AI score 9.2 · EPSS 0.00968
Exploits 1 · References 61

RedhatCVE
added 2025/04/12 2:25 a.m. · 28 views

CVE-2025-27690

Dell PowerScale OneFS, versions 9.5.0.0 through 9.10.1.0, contains a use of default password vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to the takeover of a high privileged user account...

CVSS 9.8 · AI score 7.3 · EPSS 0.00416
Exploits 0 · References 3

RedhatCVE
added 2025/04/02 12:33 p.m. · 9 views

CVE-2025-2994

A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14408. This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The...

CVSS 6.9 · AI score 7.2 · EPSS 0.00556
Exploits 1 · References 1

NVD
added 2025/04/02 1:15 a.m. · 11 views

CVE-2025-27692

Dell Wyse Management Suite, versions prior to WMS 5.1, contains an Unrestricted Upload of File with Dangerous Type vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service, Information disclosure, and Remote execution...

CVSS 7.2 · EPSS 0.00393
Exploits 0 · References 1

Positive Technologies
added 2025/03/27 12:0 a.m. · 2 views

PT-2025-13422 · Dell · Dell Unity

Name of the Vulnerable Software and Affected Versions: Dell Unity versions 5.4 and prior Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection'. This could allow an unauthenticated attacker with remote access...

CVSS 9.8 · AI score 7.3 · EPSS 0.01472
Exploits 0 · References 9

OpenVAS
added 2025/03/10 12:0 a.m. · 6 views

QNAP QTS Multiple Vulnerabilities (QSA-24-54)

QNAP QTS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/o:qnap:qts"; ifdescription...

CVSS 7.2 · AI score 7.5 · EPSS 0.00845
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 10:22 a.m. · 6 views

CVE-2024-12782

A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.htmlhashHome of the component Web Interface. The manipulation leads to improper...

CVSS 7.5 · AI score 7.3 · EPSS 0.00707
Exploits 0 · References 1