25 matches found
CVE-2025-14233
Invalid free in CPCA file deletion processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v06.02...
CVE-2025-14236
Buffer overflow in Address Book attribute tag processing on Small Office Multifunction Printers which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v06.02 and...
CVE-2025-14235
Buffer overflow in XPS font fpgm data processing on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v06....
CVE-2025-14232
Buffer overflow in XML processing of XPS files on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to make the affected product unresponsive or to execute arbitrary code. Affected: Satera LBP670C Series/Satera MF750C Series firmware v06.02...
CVE-2025-14231
Canon CVE-2025-14231 describes a buffer overflow in the Web Services for Devices (WSD) print-job processing for multiple Canon Small Office Multifunction Printers and Laser Printers. A remote attacker on the same network segment could trigger unresponsiveness or arbitrary code execution. Affected...
CVE-2025-63214
An issue was discovered in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-10 and 6.5.0-9, allowing unauthorized attackers to delete and create arbitrary accounts...
CVE-2025-63211
Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 through 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint...
PT-2025-47526
Name of the Vulnerable Software and Affected Versions: bridgetech VBC Server & Element Manager versions 6.5.0-9 through 6.5.0-10. Description: An issue exists in bridgetech VBC Server & Element Manager that allows unauthorized attackers to create and delete arbitrary accounts. Recommendations: Update...
CVE-2025-63214
CVE-2025-63214 affects bridgetech VBC Server & Element Manager, firmware 6.5.0-9 and 6.5.0-10, allowing unauthorized attackers to delete and create arbitrary accounts. Public sources (PT-2025-47526) recommend updating to a version newer than 6.5.0-10. Risk/exploitation details are not specifi...
VulnCheck KEV: CVE-2022-25064
TP-LINK TL-WR840NESV6.20180709 was discovered to contain a remote code execution (RCE) vulnerability via the function oalwan6setIpAddr...
CVE-2024-1575
The improper privilege management vulnerability in the Zyxel WBE660S firmware version 6.70ACGG.3 and earlier versions could allow an authenticated user to escalate privileges and download the configuration files on a vulnerable device...
CVE-2023-35193
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerabilit...
CVE-2023-35194
An OS command injection vulnerability exists in the api.cgi cmd.mvpn.x509.write functionality of peplink Surf SOHO HW1 v6.3.5 in QEMU. A specially crafted HTTP request can lead to command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. This vulnerabilit...
CVE-2022-33195
Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. An XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities. This...
TP-LINK TL-WR840N Security Vulnerability
The TP-LINK TL-WR840N is a wireless router from China P&L TP-LINK. A security vulnerability exists in the TP-LINK TL-WR840N EU v6.20 firmware 0.9.1 4.17 v0001.0 Build 201124 Rel.64328n, which stems from an incorrect password reset function and can be exploited by an attacker to cause a buffer...
Christie Digital DWU850-GS Authorization Issue Vulnerability
The Christie Digital DWU850-GS is a laser projector from Christie. A security vulnerability in webctrl.cgi.elf in the firmware of the Christie Digital DWU850-GS version V06.46 can be exploited by an attacker to perform any desired action via a specially crafted query containing an unspecified...
Ubiquiti Networks AirOS Operating System Command Injection Vulnerability
Ubiquiti Networks AirOS is a suite of operating systems for Ubiquiti network devices from Ubiquiti Networks. A command injection vulnerability exists in Ubiquiti Networks AirMax AirOS TI, XW, and XM boards using firmware version 6.2.0 and earlier. A remote attacker could exploit the vulnerability...
Ubiquiti Networks AirOS Cross-Site Scripting Vulnerability
Ubiquiti Networks AirOS is a suite of operating systems for Ubiquiti network devices from Ubiquiti Networks. A cross-site scripting vulnerability exists in Ubiquiti Networks AirMax AirOS TI, XW, and XM boards using firmware version 6.2.0 and earlier. An attacker could exploit the vulnerability to...
CVE-2019-5648
Authenticated, administrative access to a Barracuda Load Balancer ADC running unpatched firmware = v6.4 allows one to edit the LDAP service configuration of the balancer and change the LDAP server to an attacker-controlled system, without having to re-enter LDAP credentials. These steps can be us...