23 matches found

CVE
added 3 days ago, 6 views

CVE-2025-55652

GPAC MP4Box v2.4 is affected by a heap buffer overflow in gf_isom_vp_config_new (isomedia/avc_ext.c), enabling DoS via a crafted MP4 file. This is documented across multiple sources (CVE-2025-55652, EUVD-2025-210150, NVD, CVELIST, etc.). The vulnerability details specify the vulnerable function a...

5.5 CVSS, 5.6 AI score, 0.00163 EPSS
Exploits: 1, References: 2, Affected Software: 1
RedhatCVE
added 2026/05/28 2:15 p.m., 9 views

CVE-2026-9436

A flaw has been found in Totolink A8000RU 7.1cu.643b20200521. The impacted element is the function setL2tpServerCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Executing a manipulation of the argument enable can lead to os command injection. The attack can be...

10 CVSS, 7 AI score, 0.02005 EPSS
Exploits: 0, References: 1
CVE
added 2026/02/09 8:11 p.m., 309 views

CVE-2026-25639

Axios prior to v1.13.5 is vulnerable in mergeConfig when an own property named proto is present, causing a TypeError and potential denial of service via crafted configuration objects (e.g., JSON.parse()). The issue is fixed in v1.13.5; upgrading mitigates the vulnerability.

7.5 CVSS, 5.9 AI score, 0.01242 EPSS
Exploits: 1, References: 7, Affected Software: 1
RedhatCVE
added 2026/01/09 9:25 a.m., 2 views

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

5.4 CVSS, 5.2 AI score, 0.00298 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-48154

Malicious code in bioql PyPI...

9 CVSS, 8.8 AI score, 0.01091 EPSS
Exploits: 1, References: 4
CNNVD
added 2025/09/09 12:0 a.m., 3 views

Tenda W30E Security Vulnerability

Tenda W30E is an enterprise-grade wireless router from Tenda Technology designed for SOHO, small and micro businesses and small stores. The Tenda W30E suffers from a buffer overflow vulnerability, which originates from the failure of the v17 parameter in the UploadCfg function to properly validat...

9.8 CVSS, 8.2 AI score, 0.00437 EPSS
Exploits: 1, References: 2
Cvelist
added 2025/08/25 12:0 a.m., 6 views

CVE-2025-29514

Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...

0.00555 EPSS
Exploits: 1, References: 2
NVD
added 2025/07/07 10:15 a.m., 4 views

CVE-2025-3263

A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically in the get_configuration_file function within the transformers.configuration_utils module. The affected version is 4.49.0, and the issue is resolved in version 4.51.0. The...

5.3 CVSS, 0.00435 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2025/05/23 10:6 a.m., 6 views

CVE-2024-31812

In TOTOLINK EX200 V4.0.3c.7646B20201211, an attacker can obtain sensitive information without authorization through the function getWiFiExtenderConfig...

6.5 CVSS, 6.5 AI score, 0.00343 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/04/05 12:0 a.m., 5 views

PT-2025-15116 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44
Description: A critical issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument pptp server start ip/pptp server end ip leads to buffer overflow. The...

9 CVSS, 8.7 AI score, 0.05167 EPSS
Exploits: 0, References: 16
NVD
added 2025/01/14 10:15 p.m., 6 views

CVE-2024-57480

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs...

9.8 CVSS, 0.00834 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/11/21 12:0 a.m., 1 views

MC Technologies MC LR Router OS Command Injection Vulnerability

MC Technologies MC LR Router is a router from MC Technologies, Germany. An operating system command injection vulnerability exists in MC Technologies MC LR Router version 2.10.5, which stems from an OS command injection in the I/O configuration function of the web interface, which could lead to...

7.2 CVSS, 9.7 AI score, 0.07504 EPSS
Exploits: 1, References: 2
BDU FSTEC
added 2024/11/21 12:0 a.m., 1 views

The vulnerability of the scarlett2 component in the Linux operating system, which allows a hacker to trigger a service failure.

The vulnerability of the scarlett2 component in the Linux operating system is related to improper error handling in the scarlett2_usb_set_config function. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.1 AI score, 0.00232 EPSS
Exploits: 0, References: 26, Affected Software: 4
Positive Technologies
added 2024/01/11 12:0 a.m., 3 views

PT-2024-19623 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024
Description: A command injection issue was discovered via the hostName parameter in the setWanCfg function. This allows for potential exploitation.
Recommendations: For TOTOLINK A3300R version...

9.8 CVSS, 9.6 AI score, 0.0164 EPSS
Exploits: 1, References: 4
Huntr
added 2023/06/18 9:3 a.m., 6 views

Stored XSS on user "Category report" function

Description An attacker can inject malicious executable scripts into the code of the Name field Proof of Concept Log in as an admin or any member with the right access to the Category report - Configuration function. Insert this payload into the "Name" field General role assignment" autofocus...

6.5 AI score
Exploits: 0
CNVD
added 2023/05/28 12:0 a.m., 30 views

Apache RocketMQ Command Execution Vulnerability

Apache RocketMQ is a lightweight data processing platform and messaging engine from the Apache Foundation (United States). A command execution vulnerability exists in Apache RocketMQ 5.1.0 and prior versions, which stems from an application failing to properly filter special elements of...

9.8 CVSS, 7.4 AI score, 0.96604 EPSS
Exploits: 11, References: 1
Vulnrichment
added 2022/09/23 2:26 p.m., 4 views

CVE-2022-40866

Tenda W20E router V15.11.0.6 USW20EV4.0brV15.11.0.610681546841CNTDC contains a stack overflow vulnerability in the function formSetDebugCfg with request /goform/setDebugCfg/...

9.6 AI score, 0.00966 EPSS
Exploits: 1, References: 1
BDU FSTEC
added 2022/08/01 12:0 a.m., 3 views

The configuration function vulnerability of ASUS RT-AC56U Wi-Fi router software allows a hacker to execute arbitrary code.

The vulnerability of the configuration function of ASUS’ Wi-Fi router software, the RT-AC56U, is caused by a buffer overflow in the dynamic memory. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

8.8 CVSS, 8.3 AI score, 0.00554 EPSS
Exploits: 0, References: 3, Affected Software: 1
Prion
added 2022/05/20 7:15 p.m., 16 views

Remote code execution

Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function...

7.5 CVSS, 9.8 AI score, 0.02184 EPSS
Exploits: 1, References: 1, Affected Software: 1
Positive Technologies
added 2022/05/20 12:0 a.m., 2 views

PT-2022-19351 · Rengine · Rengine

Name of the Vulnerable Software and Affected Versions: Rengine version 1.0.2
Description: The issue is related to a remote code execution (RCE) vulnerability via the yaml configuration function.
Recommendations: For Rengine version 1.0.2, consider disabling the yaml configuration function as a...

9.8 CVSS, 9.7 AI score, 0.02184 EPSS
Exploits: 1, References: 5