CVE-2025-50464

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENTTYPE HTTP header into a fixed-size stack buffer v8, allocated 8 bytes without...

CVE-2025-50464

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENTTYPE HTTP header into a fixed-size stack buffer v8, allocated 8 bytes without...

CVE-2025-50464

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENTTYPE HTTP header into a fixed-size stack buffer v8, allocated 8 bytes without...

CVE-2025-50464

A buffer overflow vulnerability exists in the upload.cgi module of the iptime NAS firmware v1.5.04. The vulnerability arises due to the unsafe use of the strcpy function to copy attacker-controlled data from the CONTENTTYPE HTTP header into a fixed-size stack buffer v8, allocated 8 bytes without...

CVE-2025-50464

The CVE-2025-50464 affects iptime NAS firmware v1.5.04. The issue is a pre-authentication buffer overflow in the upload.cgi module caused by unsafe use of strcpy to copy attacker-controlled data from the CONTENT_TYPE HTTP header into a fixed-size stack buffer (8 bytes). This can be exploited befo...

PT-2025-31431 · Iptime · Iptime Nas Firmware

Name of the Vulnerable Software and Affected Versions: iptime NAS firmware version 1.5.04 Description: A buffer overflow exists in the upload.cgi module due to the unsafe use of the strcpy function. This function copies data from the CONTENT TYPE HTTP header into a fixed-size stack buffer 8 bytes...

CVE-2025-53080

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' in Samsung DMSData Management Server allows authenticated attackers to create arbitrary files in unintended locations on the filesystem...

CVE-2025-7723

A command injection vulnerability exists that can be exploited after authentication in VIGI NVR1104H-4P V1 and VIGI NVR2016H-16MP V2.This issue affects VIGI NVR1104H-4P V1: before 1.1.5 Build 250518; VIGI NVR2016H-16MP V2: before 1.3.1 Build 250407...

CVE-2025-54066 DiracX-Web login page has Open Redirect vulnerability

DiracX-Web is a web application that provides an interface to interact with the DiracX services. Prior to version 0.1.0-a8, an attacker can forge a request that they can pass to redirect an authenticated user to another arbitrary website. In the login page, DiracX-Web has a redirect field which i...

CVE-2025-7327

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the...

CVE-2025-53375

Dokploy (PaaS) is affected by CVE-2025-53375. An authenticated attacker can read any file accessible to the Traefik process user (e.g., /etc/passwd, app sources, env files with credentials), risking full service compromise or lateral movement. Affected versions are prior to 0.23.7; remediation is...

CVE-2025-6073

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer...

CVE-2025-6073 Stack Buffer Overflow in MQTTCore

Stack-based Buffer Overflow vulnerability in ABB RMC-100, ABB RMC-100 LITE. When the REST interface is enabled by the user, and an attacker gains access to the control network, and user/password broker authentication is enabled, and CVE-2025-6074 is exploited, the attacker can overflow the buffer...

CVE-2025-5318

A flaw was found in the libssh library. An out-of-bounds read can be triggered in the sftphandle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This...

CVE-2025-41366

CVE-2025-41366 = CORS misconfiguration in ZIV IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. Exploitation requires authentication and commands with privileges higher than view. CVSS v4.0 base score 5.1 (NETWORK, LOW complexity, HIGH privileges). Affected products: IDF, ZLF (specific versions above)...

CVE-2024-8123

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.0.8 via the duplicatepost function due to missing validation on a user controlled key. This makes it possible for authenticated attackers...

CVE-2023-20216

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploi...

CVE-2022-48618

The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been...

CVE-2022-35898

OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account...

CVE-2021-26814

Wazuh API in Wazuh from 4.0.0 to 4.0.3 allows authenticated users to execute arbitrary code with administrative privileges via /manager/files URI. An authenticated user to the service may exploit incomplete input validation on the /manager/files API to inject arbitrary code within the API service...