Tenda CH22 security vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page in the file /goform/webExcptypemanFilter that fails to correctly validate the length of the input data, and can be exploited by an...
Tenda CH22 security vulnerability
Tenda CH22 is a network device from Tenda, China. A buffer overflow vulnerability exists in Tenda CH22 version 1.0.0.1, which originates from the parameter page in the file /goform/RouteStatic that fails to correctly validate the length and size of the input data, and can be exploited by an...
Tenda O3 security vulnerability
Tenda O3 is an outdoor wireless bridge from Tenda, China. Tenda O3 version 1.0.0.10 has a buffer overflow vulnerability that stems from the dmzIP parameter of the function SetValue/GetValue in the file /goform/setDmzInfo failing to correctly validate the length and size of the input data,...
Tenda CH22 security vulnerability
Tenda CH22 is a network device from Tenda, China. Tenda CH22 version 1.0.0.1 suffers from a buffer overflow vulnerability, which originates from the parameter page of the function fromSafeUrlFilter in the file /goform/SafeUrlFilter failing to correctly validate the length of the input data, and can...
Linux Distros Unpatched Vulnerability : CVE-2025-49655
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously...
[SECURITY] [DSA 6040-1] thunderbird security update
Debian Security Advisory DSA-6040-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff October 26, 2025 https://www.debian.org/security/faq ...
Debian dsa-6040 : thunderbird - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6040 advisory. Debian Security Advisory DSA-6040-1 [email protected]...
CVE-2025-54268
Bridge versions 14.1.8, 15.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
OESA-2025-2507 perl-Spreadsheet-ParseExcel security update
The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file. Security Fixes: Spreadsheet::ParseExcel version 0.65, a Perl module for parsing Excel files, is vulnerable to arbitrary code execution (ACE) due to passing unvalidated input from a file into a string-type...
OESA-2025-2508 perl-Spreadsheet-ParseExcel security update
The Spreadsheet::ParseExcel module can be used to read information from an Excel 95-2003 file. Security Fixes: Spreadsheet::ParseExcel version 0.65, a Perl module for parsing Excel files, is vulnerable to arbitrary code execution (ACE) due to passing unvalidated input from a file into a string-type...
Remote Code Execution (RCE)
Flowise is vulnerable to remote code execution (RCE). The vulnerability is due to unsanitized evaluation of user input in the “Supabase RPC Filter” field, which allows an attacker to execute arbitrary code on the affected system...
WordPress Captivate Sync plugin deserialization vulnerability
WordPress Captivate Sync plugin is a WordPress plugin developed by Captivate, which belongs to RebelBaseMedia's products and is mainly used to simplify the Podcast management process. WordPress Captivate Sync plugin suffers from a deserialization vulnerability that stems from unsafe deserializati...
Light & Wonder Deck Mate security vulnerability
Light & Wonder Deck Mate is an automated licensing device from Light & Wonder, UK. A security vulnerability exists in Light & Wonder Deck Mate that stems from a firmware update mechanism that does not validate cryptographic signatures and uses hard-coded AES keys, which could lead to the executio...
pgCodeKeeper security vulnerability
pgCodeKeeper is an open source Eclipse plug-in for database schema management from pgCodeKeeper. A security vulnerability exists in pgCodeKeeper version 10.12.0, which stems from the Utils.serialize function's handling of serialized data from an untrustworthy source, and could lead to the executi...
VulnCheck KEV: CVE-2025-51482
Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...
Tenda AC6 SetClientState function buffer overflow vulnerability
The Tenda AC6 is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda AC6 version 15.03.06.50, which is caused by the SetClientState function failing to properly validate the length of the input data, and can be exploited by an attacker to execute...
D-Link DIR600L security vulnerability
D-Link DIR600L is a wireless router for home users, belonging to D-Link's "Cloud Router" series, with an external antenna design, supporting 802.11n standard, with a maximum wireless transmission rate of 150Mbps. The D-Link DIR600L suffers from a buffer overflow vulnerability, which originates fr...
NewStart CGSL MAIN 7.02 : freetype Vulnerability (NS-SA-2025-0249)
The remote NewStart CGSL host, running version MAIN 7.02, has freetype packages installed that are affected by a vulnerability: - An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures...
EulerOS 2.0 SP13 : polkit (EulerOS-SA-2025-2274)
According to the versions of the polkit packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in polkit. When processing an XML policy with 32 or more nested elements in depth, an out-of-bounds write can be triggered. This...
CVE-2025-62498
A relative path traversal (ZipSlip) vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an attacker who can tamper with a productivity project to execute arbitrary code on the machine where the project is opened...