CVE-2025-10432 Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow

A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function checkparamchanged of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of...

CVE-2025-10432 Tenda AC1206 HTTP Request AdvSetMacMtuWa check_param_changed stack-based overflow

A vulnerability was found in Tenda AC1206 15.03.06.23. This vulnerability affects the function checkparamchanged of the file /goform/AdvSetMacMtuWa of the component HTTP Request Handler. Performing manipulation of the argument wanMTU results in stack-based buffer overflow. Remote exploitation of...

Tenda AC1206 安全漏洞

Tenda AC1206 is a wireless gigabit router from Tenda China. A security vulnerability exists in Tenda AC1206 version 15.03.06.23, which originates from the incorrect manipulation of the parameter wanMTU by the function checkparamchanged in the file /goform/AdvSetMacMtuWa in the HTTP Request Handle...

PT-2025-37457

Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23 Description: A stack-based buffer overflow vulnerability exists in the HTTP Request Handler component of the Tenda AC1206. The vulnerability is located in the check param changed function within the...

CVE-2025-10411

A vulnerability was detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /stc-log-keeper/checkprofile.php of the component POST Request Handler. The manipulation of the argument profileid results in cross site...

CVE-2025-10386 Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting

A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely...

CVE-2025-10386

CVE-2025-10386 affects Yida ECMS Consulting Enterprise Management System 1.0. The vulnerability is in the POST Request Handler for the file path /login.do, where manipulating the argument requestUrl enables cross-site scripting. It can be triggered remotely, and public exploits exist. Reports not...

PT-2025-36114

Name of the Vulnerable Software and Affected Versions OceanWP WordPress theme versions prior to 4.1.2 Description The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even...

CVE-2025-9931

A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploi...

CVE-2025-9931 Jinher OA POST Request login!changePassWord.action cross site scripting

A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploi...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to an improper check of complex JSON in the HTTP handler. An attacker can cause excessive memory and CPU consumption by submitting specially-crafted payloads that meet the default...

📄 WordPress WP Reactions Box 1.0 SQL Injection

WordPress WP Reactions Box plugin versions 1.0 and below suffer from a remote SQL Injection vulnerability. Exploit Title: WordPress WP Reactions Box Plugin 1.0 - SQL Injection Google Dork: N/A Date: 2025-08-24 Exploit Author: bRpsd cyatlive.no Vendor Homepage:...

CVE-2025-8796

A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/deleteproject/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack...

CVE-2025-8246

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The...

CVE-2025-8245

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAPVLAN of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer...

CVE-2025-8242

A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr/url/vpnPassword/vpnUser leads to buffer...

CVE-2025-8219

A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. It has been rated as critical. This issue affects some unknown processing of the file /crm/crmapi/erp/tabdetailmoduleSavedxkp.php of the component HTTP POST Request Handler. The manipulation of the...

CVE-2025-8246

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formRoute of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The...

CVE-2025-8244

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr leads to buffer overflow. It is possible to...