587 matches found
CVE-2025-15083
A vulnerability was determined in TOZED ZLT M30s up to 1.47. The affected element is an unknown function of the component UART Interface. Executing manipulation can lead to on-chip debug and test interface with improper access control. The physical device can be targeted for the attack. Attacks o...
CVE-2025-14702
A flaw has been found in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown function of the component be.smartschool.mobile.SplashActivity. Executing manipulation can lead to path traversal. The attack requires local access. The exploit has been published and may be used. The...
CVE-2025-14534
A vulnerability was determined in UTT 进取 512W up to 3.1.7.7-171114. This impacts the function strcpy of the file /goform/formNatStaticMap of the component Endpoint. Executing manipulation of the argument NatBind can lead to buffer overflow. The attack can be launched remotely. The exploit has bee...
CVE-2025-14220 ORICO CD3510 File Upload path traversal
A security vulnerability has been detected in ORICO CD3510 1.9.12. This affects an unknown function of the component File Upload. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early...
PT-2025-49404
Name of the Vulnerable Software and Affected Versions UTT 进取 512W versions through 1.7.7-171114 Description A buffer overflow issue exists in the strcpy function within the /goform/formP2PLimitConfig file. Manipulation of the except argument can lead to a buffer overflow. This issue is potentiall...
PT-2025-49363
Name of the Vulnerable Software and Affected Versions Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 versions 1.0.013.001 through 1.2.07.001 Description A security flaw exists in Linksys RE series Wireless Repeaters. The issue involves a stack-based buffer overflow in the...
CVE-2025-14089
Himool ERP up to 2.2 contains an improper authorization vulnerability in the AdminActionViewSet function update_account (file path: /api/admin/update_account/). The issue allows remote exploitation with publicly available tooling. Multiple sources (NVD, Red Hat, CVE listings, and others) confirm ...
CVE-2025-13813
A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's complexity is rat...
EUVD-2025-199960
A weakness has been identified in moxi159753 Mogu Blog v2 up to 5.2. The affected element is an unknown function of the file /file/pictures. This manipulation of the argument filedatas causes unrestricted upload. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2025-13810 jsnjfz WebStack-Guns KaptchaController.java renderPicture path traversal
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The...
CVE-2025-13808
A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...
CVE-2025-13800
The CVE-2025-13800 issue affects ADSLR NBR1005GPEV2 (version 250814-r037c). The vulnerability lies in the set_mesh_disconnect function of /send_order.cgi, where manipulating the mac argument enables command injection. It can be triggered remotely, and public exploits exist. Multiple sources corro...
CVE-2025-13785 yungifez Skuul School Management System Image profile information disclosure
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The...
JLSEC-2025-242 A vulnerability was found in libarchive up to 3.7.7
A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the publi...
EUVD-2025-197717
A weakness has been identified in Bdtask Flight Booking Software 4. Affected by this vulnerability is an unknown functionality of the file /agent/profile/edit of the component Edit Profile Page. This manipulation causes unrestricted upload. The attack may be initiated remotely. The exploit has be...
CVE-2025-13177
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but...
CVE-2025-12207
A vulnerability has been found in Kamailio 5.5. This affects the function yyerrorat of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may...
CVE-2025-11852 Apeman ID71 ONVIF Service device_service missing authentication
A vulnerability was found in Apeman ID71 218.53.203.117. The impacted element is an unknown function of the file /onvif/deviceservice of the component ONVIF Service. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been...
PT-2025-41735
Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the...
PT-2025-41709
Name of the Vulnerable Software and Affected Versions RainyGao DocSys versions through 2.02.36 Description A flaw exists in RainyGao DocSys that allows for remote manipulation leading to SQL injection. The issue is related to the getUserList function within the /Manage/getUserList.do file. The...