CVE-2025-60674

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf into a 64-byte stack buffer, while fgets reads up to 127...

CVE-2025-60679

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...

Linksys E1200 安全漏洞

Linksys E1200 is a router from Linksys USA. A security vulnerability exists in the Linksys E1200 E1200v2.0.11.001us.tar.gz version, which stems from a stack buffer overflow in the libshared.so library that could lead to memory corruption, denial of service, or execution of arbitrary code...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28639)

A remote potential adjacent denial of service DoS and potential adjacent arbitrary code execution vulnerability that could potentially lead to a loss of confidentiality, integrity, and availability were discovered in HPE Integrated Lights-Out 5 iLO 5 in Version: 2.71. Hewlett Packard Enterprise h...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28632)

A potential arbitrary code execution and a denial of service DoS vulnerability within an isolated process were discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could exploit this vulnerability in an adjacent network to potentially execute...

groupoffice 安全漏洞

groupoffice is an Intermesh open source groupware and CRM for group offices. A security vulnerability exists in groupoffice versions prior to 25.0.47 and prior to 6.8.136, which stems from a flaw in the dbToApi and eval functions in FunctionField.php that could lead to the execution of arbitrary...

CVE-2025-60696

Linksys RE7000 devices with firmware FW_v2.0.15_211230_1012 are affected by CVE-2025-60696: a stack-based buffer overflow in the makeRequest.cgi binary’s arplookup path. The vulnerability arises from parsing /proc/net/arp with sscanf("%16s ... %18s ..."), writing into small buffers (v6 12 bytes, ...

PT-2025-46896

Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain a Detection of Error Condition Without Action vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary Code Execution...

CVE-2025-60695

A stack-based buffer overflow vulnerability exists in the mtkdut binary of Linksys E7350 routers Firmware 1.1.00.032. The function sub4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary...

PT-2025-46904

Name of the Vulnerable Software and Affected Versions Socket Firewall versions prior to 0.15.5 Description Socket Firewall is an HTTP/HTTPS proxy server designed to enforce security policies by blocking dangerous packages. Versions of Socket Firewall prior to 0.15.5 are susceptible to arbitrary...

WordPress plugin AI Engine 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

Mageia: Security Advisory (MGASA-2025-0278)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28626)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. A highly privileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and...

Debian dla-4370 : firefox-esr - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4370 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4370-1 [email protected]...

HP Integrated Lights-Out Improper Input Validation (CVE-2022-28628)

A local arbitrary code execution vulnerability was discovered in HPE Integrated Lights-Out 5 iLO 5 firmware versions: Prior to 2.71. An unprivileged user could locally exploit this vulnerability to execute arbitrary code resulting in a complete loss of confidentiality, integrity, and availability...

Updated perl-File-Find-Rule packages fix security vulnerability

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted file name. CVE-2011-10007...

MGASA-2025-0278 Updated perl-File-Find-Rule packages fix security vulnerability

File::Find::Rule through 0.34 for Perl is vulnerable to Arbitrary Code Execution when grep encounters a crafted file name. CVE-2011-10007...

CVE-2025-64531

Substance3D - Stager versions 3.1.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-61837

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-61838

Format Plugins versions 1.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...