404 matches found
CVE-2025-7822
WP Wallcreeper (WordPress plugin)
PT-2025-30193
Name of the Vulnerable Software and Affected Versions Dunamu StockPlus App versions up to 7.62.10 Description A vulnerability exists in Dunamu StockPlus App on Android. The issue involves improper export of android application components due to manipulation of an unknown functionality within the...
CrushFTP 10.x < 10.8.5 / 11.x < 11.3.4_23 Privilege Escalation (CVE-2025-54309)
The CrushFTP application installed on the remote host is missing a vendor-supplied patch. It is, therefore, affected by a vulnerability. CrushFTP 10 before 10.8.5 and 11 before 11.3.423, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to...
CVE-2025-53964
GoldenDict 1.5.0 and 1.5.1 has an exposed dangerous method that allows reading and modifying files when a user adds a crafted dictionary and then searches for any term included in that dictionary...
CVE-2025-20284
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system as root. This vulnerability is due to insufficient validation of user-supplied input. An attacker with valid credentials coul...
CVE-2025-30483
CVE-2025-30483 affects Dell ECS prior to 3.8.1.5 and Dell ObjectScale prior to 4.0.0.0, where an insertion of sensitive information into log files may allow a low-privilege, local attacker to disclose information. The NVD-derived CVSSv3.1 base score is 5.5 (Medium) with LOCAL, LOW complexity, and...
CVE-2025-7525
A vulnerability was found in TOTOLINK T6 4.1.5cu.748B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injectio...
CVE-2025-7564 LB-LINK BL-AC3600 shadow hard-coded credentials
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the input root:blinkadmin leads to hard-coded credentials. Local access is required to approach this...
CVE-2025-7463 Tenda FH1201 HTTP POST Request AdvSetWrlsafeset formWrlsafeset buffer overflow
A vulnerability was found in Tenda FH1201 1.2.0.14. It has been declared as critical. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component HTTP POST Request Handler. The manipulation of the argument mitssid leads to buffer overflow. The atta...
CVE-2025-7170
A vulnerability classified as critical was found in code-projects Crime Reporting System 1.0. Affected by this vulnerability is an unknown functionality of the file /registration.php. The manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit ha...
CVE-2025-7067
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FSsinfoserializenodecb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...
PT-2025-27526 · Dell · Dell Networker
Name of the Vulnerable Software and Affected Versions: Dell NetWorker versions 19.12.0.1 and prior Description: The issue is related to a Selection of Less-Secure Algorithm During Negotiation, also known as an 'Algorithm Downgrade'. This could allow an unauthenticated attacker with remote access ...
CVE-2025-6896
CVE-2025-6896 affects D-Link DI-7300G+ (0) with firmware version 19.12.25A1. The vulnerability is in an unknown function of wget_test.asp, where improper handling of the url parameter enables os command injection. Impact is remote, with exploitation disclosed publicly. Several sources (NVD/Red Ha...
PT-2025-27339 · Unknown · Position Department Service Quality Evaluation System
Name of the Vulnerable Software and Affected Versions: Conjure Position Department Service Quality Evaluation System versions up to 1.0.11 Description: A critical vulnerability has been found in the Conjure Position Department Service Quality Evaluation System. The issue affects the eval function...
PT-2025-27308 · Volkswagen · Mib3
Name of the Vulnerable Software and Affected Versions: MIB3 infotainment unit affected versions not specified Description: A logic flaw in the bootloader component of the MIB3 infotainment unit leads to a RAM buffer overflow, allowing an attacker with physical access to the MIB3 ECU to bypass...
CVE-2025-6443
Mikrotik RouterOS VXLAN Source IP Improper Access Control Vulnerability. This vulnerability allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...
CVE-2025-51381
An authentication bypass vulnerability exists in KCM3100 Ver1.4.2 and earlier. If this vulnerability is exploited, an attacker may bypass the authentication of the product from within the LAN to which the product is connected...
CVE-2025-6496 HTACG tidy-html5 parser.c InsertNodeAsParent null pointer dereference
A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been...
CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
CVE-2025-50008 WordPress WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily plugin <= 1.2.4.5 - Broken Access Control Vulnerability
Missing Authorization vulnerability in cscode WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Checkout fields easily innovs-woo-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Manager – Customize and Control...