
120835 matches found

EUVD
added 2025/11/13 9:31 p.m. | 4 views

EUVD-2025-175367

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

CVSS 8.8 | AI score 6.8 | EPSS 0.00293
Exploits: 0 | References: 2

OSV
added 2025/11/13 8:15 p.m. | 4 views

CVE-2025-60699

A buffer overflow vulnerability exists in the TOTOLINK A950RG Router firmware V5.9c.4592B20191022ALL within the global.so binary. The getSaveConfig function retrieves the httphost parameter from user input via websGetVar and copies it into a fixed-size stack buffer v13 using strcpy without...

CVSS 6.5 | AI score 6.3 | EPSS 0.00751
Exploits: 1 | References: 3

OSV
added 2025/11/13 8:15 p.m. | 4 views

DEBIAN-CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1 | AI score 6 | EPSS 0.00334
Exploits: 0 | References: 1

NVD
added 2025/11/13 8:15 p.m. | 6 views

CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1 | EPSS 0.00334
Exploits: 0 | References: 1

NVD
added 2025/11/13 8:15 p.m. | 4 views

CVE-2025-46367

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution...

CVSS 7.8 | EPSS 0.00118
Exploits: 0 | References: 1

Cvelist
added 2025/11/13 7:55 p.m. | 9 views

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVSS 7.3 | EPSS 0.0013
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/13 7:55 p.m. | 3 views

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVSS 7.3 | AI score 7.7 | EPSS 0.0013
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/13 7:23 p.m. | 3 views

CVE-2025-46367

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution...

CVSS 7.8 | AI score 6.2 | EPSS 0.00118
Exploits: 0 | References: 1

CVE
added 2025/11/13 7:23 p.m. | 14 views

CVE-2025-46367

Dell Alienware Command Center (AWCC) 6.x, before 6.10.15.0, has a Detection of Error Condition Without Action vulnerability. Local, low-privileged attackers could trigger Arbitrary Code Execution via the no-action error-detection path. CVSS 3.1 indicates high impact on confidentiality, integrity,...

CVSS 7.8 | AI score 6.2 | EPSS 0.00118
Exploits: 0 | References: 1 | Affected Software: 1

OSV
added 2025/11/13 7:15 p.m. | 4 views

CVE-2025-60674

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127...

CVSS 6.8 | AI score 6.5 | EPSS 0.00526
Exploits: 1 | References: 4

NVD
added 2025/11/13 7:15 p.m. | 10 views

CVE-2025-60674

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127...

CVSS 6.8 | EPSS 0.00526
Exploits: 1 | References: 4

NVD
added 2025/11/13 7:15 p.m. | 4 views

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

CVSS 8.8 | EPSS 0.00293
Exploits: 0 | References: 2

OSV
added 2025/11/13 7:15 p.m. | 2 views

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

CVSS 8.8 | AI score 6
Exploits: 0 | References: 2

Vulnrichment
added 2025/11/13 7:3 p.m. | 2 views

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

AI score 7 | EPSS 0.00293
Exploits: 0 | References: 1

CVE
added 2025/11/13 7:3 p.m. | 421 views

CVE-2025-43515

CVE-2025-43515 affects Apple Compressor. Concrete details across connected sources confirm that an unauthenticated user on the same network as a Compressor server may execute arbitrary code. The root fix is to refuse external connections by default, implemented in Compressor 4.11.1. References fr...

CVSS 8.8 | AI score 7 | EPSS 0.00293
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2025/11/13 6:31 p.m. | 5 views

EUVD-2025-175336

A vulnerability in the REST API of Cisco Catalyst Center could allow an authenticated, remote attacker to execute arbitrary commands in a restricted container as the root user. This vulnerability is due to insufficient validation of user-supplied input in REST API request parameters. An attacker...

CVSS 6.3 | AI score 6.9 | EPSS 0.00317
Exploits: 0 | References: 2

EUVD
added 2025/11/13 6:31 p.m. | 3 views

EUVD-2025-175300

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers A720R V4.1.5cu.614B20230630, LR1200GB V9.1.0u.6619B20230130, and NR1800X V9.1.0u.6681B20230703. Both programs parse the contents of /proc/net/arp using sscanf with "%s" format...

CVSS 5.1 | AI score 7.3 | EPSS 0.00204
Exploits: 1 | References: 4

EUVD
added 2025/11/13 6:31 p.m. | 3 views

EUVD-2025-175311

A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary sub401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s forma...

CVSS 5.1 | AI score 7.5 | EPSS 0.00205
Exploits: 1 | References: 4

NVD
added 2025/11/13 5:15 p.m. | 4 views

CVE-2025-60695

A stack-based buffer overflow vulnerability exists in the mtkdut binary of Linksys E7350 routers Firmware 1.1.00.032. The function sub4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary...

CVSS 5.9 | EPSS 0.00195
Exploits: 1 | References: 3

OSV
added 2025/11/13 4:15 p.m. | 5 views

CVE-2025-60686

A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers A720R V4.1.5cu.614B20230630, LR1200GB V9.1.0u.6619B20230130, and NR1800X V9.1.0u.6681B20230703. Both programs parse the contents of /proc/net/arp using sscanf with "%s" format...

CVSS 5.1 | AI score 6.4 | EPSS 0.00204
Exploits: 1 | References: 3