Lucene search
K

120932 matches found

CNVD
CNVD
added 2025/10/31 12:0 a.m.3 views

TOTOLINK A3300R cstecgi.cgi File Buffer Overflow Vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the parameter ip of the function setDmzCfg in the file...

9.8CVSS9.1AI score0.00753EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.3 views

TOTOLINK A3300R setOpModeCfg function stack buffer overflow vulnerability

TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a stack buffer overflow vulnerability that originates from the parameter opmode in the setOpModeCfg function in t...

9CVSS9.1AI score0.0093EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.2 views

Tenda CH22 fromSafeMacFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in the Tenda CH22 version 1.0.0.1, which originates from the failure of the fromSafeMacFilter function parameter page in the /goform/SafeMacFilter file to correctly validate the length of the input data, and...

9CVSS9.1AI score0.00995EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.2 views

Tenda CH22 fromSafeClientFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeClientFilter in the file /goform/SafeClientFilter fails to correctly validate the length of the input data, a...

9.8CVSS9.2AI score0.04578EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

Tenda CH22 fromP2pListFilter function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromP2pListFilter in the file /goform/P2pListFilter fails to correctly validate the length of the input data, and can...

9CVSS9.2AI score0.00646EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.2 views

TOTOLINK A3300R enable parameter buffer overflow vulnerability

The TOTOLINK A3300R is a wireless router from China's Gion Electronics TOTOLINK. A buffer overflow vulnerability exists in TOTOLINK A3300R version 17.0.0cu.557B20221024, which originates from the parameter enable in the file /cgi-bin/cstecgi.cgi that fails to correctly validate the length and siz...

9CVSS9AI score0.0093EPSS
Exploits1References1
CNVD
CNVD
added 2025/10/31 12:0 a.m.4 views

Tenda CH22 fromVirtualSer function buffer overflow vulnerability

Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromVirtualSer in the file /goform/VirtualSer that fails to correctly validate the length of the input data, and can ...

9.8CVSS8.4AI score0.00971EPSS
Exploits1References1
NVD
NVD
added 2025/10/30 10:15 p.m.3 views

CVE-2025-34277

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.8CVSS0.01965EPSS
Exploits0References3
OSV
OSV
added 2025/10/30 10:15 p.m.4 views

CVE-2025-34277

Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlle...

9.8CVSS6.3AI score0.01965EPSS
Exploits0References3
NVD
NVD
added 2025/10/30 10:15 p.m.15 views

CVE-2024-14005

Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...

9.4CVSS0.04188EPSS
Exploits0References3
CVE
CVE
added 2025/10/30 9:30 p.m.13 views

CVE-2025-34284

CVE-2025-34284 affects Nagios XI versions before 2024R2, via the WinRM plugin. The issue arises from insufficient validation of user-supplied parameters in the WinRM plugin, allowing an authenticated administrator to inject shell metacharacters that are used in backend command invocations. Exploi...

9.4CVSS7.5AI score0.04188EPSS
Exploits0References3Affected Software1
Debian
Debian
added 2025/10/30 7:41 p.m.9 views

[SECURITY] [DSA 6046-1] chromium security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6046-1 [email protected] https://www.debian.org/security/ Andres Salomon October 30, 2025 https://www.debian.org/security/faq -...

8.8CVSS7.4AI score0.06806EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/10/30 9:0 a.m.2 views

CVE-2025-10921

A heap-based buffer-overflow in GIMP’s HDR RGBE file parsing CVE-2025-10921 / ZDI-25-910 allows an attacker to execute arbitrary code when a user opens or is tricked into previewing a malicious HDR file. The flaw is caused by missing length validation before copying user-supplied HDR data into a...

7.8CVSS7.8AI score0.00452EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/30 5:28 a.m.3 views

EUVD-2025-36899

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

7.3CVSS7.1AI score0.00481EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/30 5:28 a.m.4 views

CVE-2025-62229

A flaw was found in the X.Org X server and Xwayland when processing X11 Present extension notifications. Improper error handling during notification creation can leave dangling pointers that lead to a use-after-free condition. This can cause memory corruption or a crash, potentially allowing an...

7.3CVSS7.1AI score0.00481EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/10/30 4:52 a.m.6 views

thunderbird: firefox: Memory safety bugs

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 115.28, Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143. Some of these bugs showed evidence of memory corrupti...

8.8CVSS7.4AI score0.00306EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/10/30 12:12 a.m.8 views

CVE-2025-60595

SPH Engineering UgCS 5.13.0 is vulnerable to Arbitary code execution...

8.2CVSS7.2AI score0.00291EPSS
Exploits0References1
CNVD
CNVD
added 2025/10/30 12:0 a.m.3 views

Google Chrome Heap Buffer Overflow Vulnerability

Google Chrome is a web browser developed by Google Inc. Google Chrome suffers from a heap buffer overflow vulnerability that stems from a heap buffer overflow issue in the WebGPU component. An attacker can exploit this vulnerability to execute arbitrary code on the system or cause denial of heap...

8.8CVSS6.5AI score0.0028EPSS
Exploits0References1
Kaspersky
Kaspersky
added 2025/10/30 12:0 a.m.6 views

KLA89786 Multiple vulnerabilities in Google Chrome

Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Type Confusion vulnerability in V8 can be...

8.8CVSS8AI score0.06806EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/10/30 12:0 a.m.3 views

Nagios Log Server 安全漏洞

Nagios Log Server is a suite of centralized log management, monitoring, and analysis software from Nagios Corporation. A security vulnerability exists in Nagios Log Server versions prior to 2024R1.3.1, which stems from not properly validating dashboard ID values and could lead to the execution of...

9.8CVSS6.8AI score0.01965EPSS
Exploits0References3
Rows per page
Query Builder