66 matches found
EulerOS 2.0 SP11 : libtiff (EulerOS-SA-2025-2202)
According to the versions of the libtiff package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file...
CVE-2025-8256
A vulnerability classified as critical has been found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/product.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has bee...
CVE-2025-8174
A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidatesadd.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit...
CVE-2025-8176
CVE-2025-8176 affects LibTIFF up to 4.7.0, with a use-after-free in the get_histogram implementation (tools/tiffmedian.c). Exploitation is local, and public exploits have been disclosed. A patch is available: fe10872e53efba9cc36c66ac4ab3b41a839d5172; apply the official patch/update to mitigate. R...
CVE-2025-8171 code-projects Document Management System insert.php unrestricted upload
A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploadedfile leads to unrestricted upload. The attack may be initiated remotely...
CVE-2025-8160 Tenda AC20 httpd SetSysTimeCfg buffer overflow
A vulnerability classified as critical has been found in Tenda AC20 up to 16.03.08.12. Affected is an unknown function of the file /goform/SetSysTimeCfg of the component httpd. The manipulation of the argument timeZone leads to buffer overflow. It is possible to launch the attack remotely. The...
CVE-2025-8131 Tenda AC20 SetStaticRouteCfg stack-based overflow
A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely...
CVE-2025-7879 Metasoft 美特软件 MetaCRM mobileupload.jsp unrestricted upload
A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file mobileupload.jsp. The manipulation of the argument File leads to unrestricted upload. The attack can be launched remotely. The...
KLA85941 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in WebRTC can be exploited remotely to cause denial of...
CVE-2025-7532 Tenda FH1202 webExcptypemanFilter fromwebExcptypemanFilter stack-based overflow
A vulnerability has been found in Tenda FH1202 1.2.0.14408 and classified as critical. This vulnerability affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated...
CVE-2025-6914
A vulnerability classified as critical was found in PHPGurukul Student Record System 3.2. Affected by this vulnerability is an unknown functionality of the file /edit-student.php. The manipulation of the argument fmarks2 leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-6908 PHPGurukul Old Age Home Management System edit-services.php sql injection
A vulnerability, which was classified as critical, was found in PHPGurukul Old Age Home Management System 1.0. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument sertitle leads to sql injection. It is possible to launch the attack remotely. The...
CVE-2025-6693 RT-Thread device.c sys_device_write memory corruption
A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sys_device_open/sys_device_read/sys_device_control/sys_device_init/sys_device_close/sys_device_write of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...
CVE-2025-6270
The CVE-2025-6270 entry concerns HDF5 up to 1.14.6, affecting the function H5FS__sect_find_node in H5FSsection.c. The vulnerability is a heap-based buffer overflow disclosed as exploitable on the local host, with PoC shown in public references. Connected documents confirm affected software and ro...
KLA85302 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Integer overflow vulnerability in V8 can be exploited to cause denial of service. 2. Use...
KLA85303 OSI vulnerability in Microsoft Dynamics
Information disclosure vulnerability was found in Microsoft Dynamics. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories CVE-2025-49715 Related products Microsoft-Dynamics-365 CVE list CVE-2025-49715 critical Solution Install necessary updates from...
CVE-2025-5869
CVE-2025-5869 affects RT-Thread 5.1.0. The vulnerability is in the function sys_recvfrom (rt-thread/components/lwp/lwp_syscall.c) where manipulation of the from argument leads to memory corruption. Several sources corroborate the impact as memory corruption with a critical severity, including mul...
CVE-2025-5356 FreeFloat FTP Server BYE Command buffer overflow
A vulnerability was found in FreeFloat FTP Server 1.0. It has been classified as critical. Affected is an unknown function of the component BYE Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...
WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing
Exploit Title: WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing Google Dork: inurl:/wp-content/plugins/digits/ Date: 2025-04-30 Exploit Author: Saleh Tarawneh Vendor Homepage: https://digits.unitedover.com/ Version: 8.4.6.1 CVE : CVE-2025-4094 """ The Digits plugin for...
CVE-2025-5137
A vulnerability was found in DedeCMS 5.7.117. It has been classified as critical. Affected is an unknown function of the file dede/sysverifies.php?action=getfiles of the component Incomplete Fix CVE-2018-9175. The manipulation of the argument refiles leads to code injection. It is possible to...