884 matches found
CVE-2025-7597 Tenda AX1803 setMacFilterCfg formSetMacFilterCfg stack-based overflow
A vulnerability classified as critical has been found in Tenda AX1803 1.0.0.1. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2025-7092
A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. This vulnerability affects the function formWlanSetupWPS of the file /goform/formWlanSetupWPS of the component webs. The manipulation of the argument wpsenroleepin/webpage leads to stack-based buffer overflow. Th...
CVE-2025-7090 Belkin F9K1122 webs formConnectionSetting stack-based overflow
A vulnerability, which was classified as critical, has been found in Belkin F9K1122 1.00.33. Affected by this issue is the function formConnectionSetting of the file /goform/formConnectionSetting of the component webs. The manipulation of the argument maxConn/timeOut leads to stack-based buffer...
CVE-2025-6858
A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5Cflushsingleentry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the publi...
CVE-2025-6855
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
CVE-2025-6774 gooaclok819 sublinkX template.go AddTemp path traversal
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. The attack may be launched remotely. The exploit has been...
CVE-2025-6530 70mai M300 Telnet Service demo.sh denial of service
A vulnerability was found in 70mai M300 up to 20250611. It has been classified as problematic. This affects an unknown part of the file demo.sh of the component Telnet Service. The manipulation leads to denial of service. Access to the local network is required for this attack. The complexity of ...
UBUNTU-CVE-2025-6273
A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been...
CVE-2025-5904 TOTOLINK T10 POST Request cstecgi.cgi setWiFiMeshName buffer overflow
A vulnerability was found in TOTOLINK T10 4.1.8cu.5207. It has been declared as critical. Affected by this vulnerability is the function setWiFiMeshName of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument devicename leads to buffer overflow. Th...
CVE-2025-5642
A flaw was found in radare2. The rconspalinit function in libr/cons/pal.c exhibits a memory corruption vulnerability due to manipulation, potentially allowing an attacker to corrupt memory. A specially crafted input can trigger this condition. The resulting memory corruption may allow arbitrary...
CVE-2025-5599 PHPGurukul Student Result Management System editmyexp.php sql injection
A vulnerability classified as critical was found in PHPGurukul Student Result Management System 1.3. This vulnerability affects unknown code of the file /editmyexp.php. The manipulation of the argument emp1ctc leads to sql injection. The attack can be initiated remotely. The exploit has been...
CVE-2025-5432
A vulnerability has been found in AssamLook CMS 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewtender.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed t...
CVE-2025-5331
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as critical. This vulnerability affects unknown code of the component NLST Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may...
CVE-2025-5324
CVE-2025-5324 affects TechPowerUp GPU-Z 2.23.0. The issue is in the IOCTL Handler component 0x8000645C, specifically function sub_140001880 in GPU-Z.sys, causing a memory leak. Exploitation is local and the vulnerability has been publicly disclosed. PT security advisory notes a temporary mitigati...
CVE-2025-5163
A vulnerability, which was classified as problematic, was found in yangshare 技术杨工 warehouseManager 仓库管理系统 1.0. This affects an unknown part. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be...
CVE-2024-7677
A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is the function updatesettingsinfo of the file /classes/SystemSettings.php?f=updatesettings. The manipulation of the argument contact/address...
CVE-2024-0989
A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function delsndb of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. T...
CVE-2024-3124
A vulnerability classified as problematic has been found in fridgecow smartalarm 1.8.1 on Android. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible...
CVE-2024-11996
A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit h...
CVE-2024-8414
A vulnerability has been found in SourceCodester Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to...