637 matches found
CVE-2025-9026 D-Link DIR-860L Simple Service Discovery Protocol cgibin ssdpcgi_main os command injection
A vulnerability was identified in D-Link DIR-860L 2.04.B04. This affects the function ssdpcgimain of the file htdocs/cgibin of the component Simple Service Discovery Protocol. The manipulation leads to os command injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-9002 Surbowl dormitory-management-php login.php sql injection
A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-8746 GNU libopts __strstr_sse2 memory corruption
A vulnerability, which was classified as problematic, was found in GNU libopts up to 27.6. Affected is the function strstrsse2. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. This issue w...
CVE-2025-8746
CVE-2025-8746 concerns GNU libopts up to 27.6, where the __strstr_sse2 function can cause memory corruption with local access. The description notes the bug is in libopts (an external library) and affects products still linked to vulnerable libopts; exploitation has been disclosed. Connected OSV/...
SUSE CVE-2025-8584
A vulnerability classified as problematic was found in libav up to 12.3. Affected by this vulnerability is the function avbufferunref of the file libavutil/buffer.c of the component AVI File Parser. The manipulation leads to null pointer dereference. Local access is required to approach this...
tsify-next is unmaintained, use tsify instead
The tsify-next crate is not maintained any more; use tsify instead...
RUSTSEC-2025-0048 tsify-next is unmaintained, use tsify instead
The tsify-next crate is not maintained any more; use tsify instead...
CVE-2025-8177
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...
CVE-2025-4976
An issue has been discovered in GitLab EE affecting all versions from 17.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that, under certain circumstances, could have allowed an attacker to access internal notes in GitLab Duo responses...
CVE-2025-7836 D-Link DIR-816L Environment Variable cgibin lxmldbc_system command injection
A vulnerability has been found in D-Link DIR-816L up to 2.06B01 and classified as critical. Affected by this vulnerability is the function lxmldbcsystem of the file /htdocs/cgibin of the component Environment Variable Handler. The manipulation leads to command injection. The attack can be launche...
FreeBSD : libxslt -- unmaintained, with multiple unfixed vulnerabilities (b0a3466f-5efc-11f0-ae84-99047d0a6bcc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b0a3466f-5efc-11f0-ae84-99047d0a6bcc advisory. Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may...
CVE-2025-3497 Radiflow iSAP Smart Collector Linux distribution unmaintained
The Linux distribution underlying the Radiflow iSAP Smart Collector CentOS 7 - VSAP 1.20 is obsolete and reached end of life EOL on June 30, 2024. Thus, any unmitigated vulnerability could be exploited to affect this product...
CVE-2025-7192
A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgimain of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed ...
users may append `root` to group listings
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...
GHSA-M65Q-V92H-CM7Q users may append `root` to group listings
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...
anon-vec lacks sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...
GHSA-PR59-JJR4-GCF6 anon-vec lacks sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...
PT-2025-25491 · Crates.Io · Anon-Vec
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::get ref - AnonVec::get mut - AnonVec::remove get The crate was built as a learning project and is not being maintained...
GHSA-WV8J-M3HX-924J Arrow2 allows out of bounds access in public safe API
Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...
CVE-2024-1706
A vulnerability was determined in ZKTeco ZKBio Access IVS up to 3.3.2. This impacts an unknown function of the component Department Name Search Bar. This manipulation with the input hi causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly...