CVE-2025-54351

A flaw was found in iperf3. The recv function in net.c exhibits a buffer overflow when the --skip-rx-copy option is used with MSGTRUNC, allowing a network attacker to trigger the overflow. This vulnerability allows an attacker to send a specially crafted message. The resulting buffer overflow may...

Vvveb 注入漏洞

Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. An injection vulnerability exists in Vvveb version 1.0.5, which stems from code injection due to a misbehavior of the function Save in the file...

PT-2025-27730 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the lenovo se30 wdt probe function. This issue arises because devm ioremap returns NULL on...

CVE-2025-45931

An issue D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via system function in the bin/goahead file...

CVE-2024-41503

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS in the field "Ttulo" title inside the filter Save option in the "Busca" search function...

CVE-2025-5192

A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions...

Server-Side Request Forgery (SSRF)

Overview mcp-markdownify-server is a Model Context Protocol MCP server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...

PT-2025-23078 · Sourcecodester · Sourcecodester Computer Store System

Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Store System version 1.0 Description: A critical issue has been found in the SourceCodester Computer Store System. This issue affects the function Add of the file main.c. The manipulation of the argument...

Radashi 安全漏洞

Radashi is a modern, community-first TypeScript toolkit open-sourced by Radashi. A security vulnerability exists in Radashi versions prior to 12.5.1 that stems from the set function being vulnerable to prototype contamination attacks...

CVE-2025-5126 Teledyne FLIR AX8 settingsregional.php setDataTime command injection

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...

CVE-2024-4280

The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...

CVE-2024-33748

Cross-site scripting XSS vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...

CVE-2024-34252

wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3compile.c...

CVE-2024-33267

SQL Injection vulnerability in Hero hfheropayment v.1.2.5 and before allows an attacker to escalate privileges via the HfHeropaymentGatewayBackModuleFrontController::initContent function...

CVE-2024-39173

calculator-boilerplate v1.0 was discovered to contain a remote code execution RCE vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field...

CVE-2024-25114

Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should...

CVE-2024-51116

Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'...

CVE-2023-1837

Missing Authentication for critical function vulnerability in HYPR Server allows Authentication Bypass when using Legacy APIs.This issue affects HYPR Server: before 8.0 with enabled Legacy APIs...

CVE-2023-51970

Tenda AX1803 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv...

CVE-2023-47110

blockreassurance adds an information block aimed at offering helpful information to reassure customers that their store is trustworthy. An ajax function in module blockreassurance allows modifying any value in the configuration table. This vulnerability has been patched in version 5.1.4...