CVE-2025-60685
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614B20230630 within the sysconf binary sub401EE0 function. The binary reads the /proc/stat file using fgets into a local buffer and subsequently parses the line using sscanf into a single-byte variable with the %s forma...
[SECURITY] [DLA 4370-1] firefox-esr security update
Debian LTS Advisory DLA-4370-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 13, 2025 https://wiki.debian.org/LTS ...
[SECURITY] [DSA 6055-1] chromium security update
Debian Security Advisory DSA-6055-1 [email protected] https://www.debian.org/security/ Andres Salomon November 13, 2025 https://www.debian.org/security/faq ...
TOTOLINK A950RG Security Vulnerability
TOTOLINK A950RG is an ultra-generation Giga wireless router from China's Gion Electronics TOTOLINK that supports high-speed network connectivity and multi-device management. The TOTOLINK A950RG suffers from a buffer overflow vulnerability that stems from a failure to properly validate the length...
Security Vulnerability in Multiple ToToLink Products
TOTOLINK A720R and others are products of China Gion Electronics TOTOLINK. TOTOLINK A720R is a wireless router. TOTOLINK NR1800X is an excellent 5G NR indoor Wi-Fi and SIP CPE. TOTOLINK LR1200GB is a wireless dual-band 4G LTE router. A security vulnerability exists in several ToToLink products that...
PT-2025-46789
Name of the Vulnerable Software and Affected Versions: Nero BackItUp versions 2019 through 2025. Description: Nero BackItUp contains a path parsing and user interface rendering flaw. This flaw, combined with how Windows handles file execution, can allow an attacker to run arbitrary code when a user...
Adobe USD-Fileformat-plugins usdGltf Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
CVE-2025-60674
CVE-2025-60674 affects D-Link DIR-878A1 router firmware FW101B04.bin in the rc USB storage handling module. The flaw occurs when reading the USB device’s Serial Number with sscanf into a 64-byte stack buffer while fgets can read up to 127 bytes, causing a stack overflow. An attacker with physical...
PT-2025-46848
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619 B20230130 and NR1800X V9.1.0u.6681 B20230703 Router firmware within the cstecgi.cgi binary setDefResponse function. The binary reads the "IpAddress" parameter from a web request and copies it into a fixed-size stac...
CVE-2025-60684
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB V9.1.0u.6619B20230130 and NR1800X V9.1.0u.6681B20230703 Router firmware within the cstecgi.cgi binary sub42F32C function. The web interface reads the "lang" parameter and constructs Help URL strings using sprintf into fixed-siz...
CVE-2025-60679
A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...
Linksys E1200 Security Vulnerability
Linksys E1200 is a router from Linksys USA. A security vulnerability exists in the Linksys E1200 E1200v2.0.11.001us.tar.gz version, which originates from a stack buffer overflow in the httpd binary, which could lead to the execution of arbitrary code or a denial of service...
Adobe USD-Fileformat-plugins usdGltf Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe USD-Fileformat-plugins. Interaction with the USD library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists...
TOTOLINK LR1200GB Security Vulnerability
TOTOLINK LR1200GB is a wireless dual-band 4G LTE router from China's Gion Electronics TOTOLINK. A security vulnerability exists in the ToToLink LR1200GB version V9.1.0u.6619B20230130 and the NR1800X version V9.1.0u.6681B20230703, which originates from the presence of a stack buffer overflow in th...
CVE-2025-60674
A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127...
Linksys E1200 Security Vulnerability
Linksys E1200 is a router from Linksys USA. A security vulnerability exists in the Linksys E1200 E1200v2.0.11.001us.tar.gz version, which stems from a stack buffer overflow in the libshared.so library that could lead to memory corruption, denial of service, or execution of arbitrary code...
groupoffice Security Vulnerability
groupoffice is an Intermesh open source groupware and CRM for group offices. A security vulnerability exists in groupoffice versions prior to 25.0.47 and prior to 6.8.136, which stems from a flaw in the dbToApi and eval functions in FunctionField.php that could lead to the execution of arbitrary...
CVE-2025-60696
Linksys RE7000 devices with firmware FW_v2.0.15_211230_1012 are affected by CVE-2025-60696: a stack-based buffer overflow in the makeRequest.cgi binary’s arplookup path. The vulnerability arises from parsing /proc/net/arp with sscanf("%16s ... %18s ..."), writing into small buffers (v6 12 bytes, ...
PT-2025-46896
Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution...