Lucene search

470 matches found

Cvelist
added 2025/02/20 12:0 a.m., 8 views

CVE-2025-24946

The hash table used to manage connections in picoquic before b80fd3f uses a weak hash function, allowing remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connections with colliding Source Connection IDs (SCIDs)...

CVSS: 5.3, EPSS: 0.00066
Exploits: 0, References: 2

CNVD
added 2025/02/17 12:0 a.m., 10 views

Tenda W18E DelfaceBookPIC Function Buffer Overflow Vulnerability

The Tenda W18E is a wireless router from the Chinese company Tenda. A buffer overflow vulnerability exists in Tenda W18E version 16.01.0.81625, which stems from a failure of the DelfaceBookPIC function to correctly validate the length of input data, and can be exploited by an attacker to execute...

CVSS: 8, AI score: 8.4, EPSS: 0.01664
Exploits: 1, References: 1

CNVD
added 2025/02/17 12:0 a.m., 8 views

Google Android shouldSkipForInitialSUW function authorization issue vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an authorization issue vulnerability that stems from a lack of permission checking in the shouldSkipForInitialSUW function of AdvancedPowerUsageDetail.java, which can be exploited by an attacker ...

CVSS: 8.4, AI score: 6.5, EPSS: 0.00005
Exploits: 0, References: 1

RedhatCVE
added 2025/02/14 2:42 p.m., 3 views

CVE-2025-26362

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to set an arbitrary authentication profile server via crafted HTTP requests...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00569
Exploits: 0, References: 1

NVD
added 2025/02/12 2:15 p.m., 10 views

CVE-2025-26363

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable an authentication profile server via crafted HTTP requests...

CVSS: 7.5, EPSS: 0.00569
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 6:43 a.m., 3 views

CVE-2024-50375

A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G = 1.6.3, EKI-6333AC-2GD = v1.6.3 and EKI-6333AC-1GPO = v1.2.1. The vulnerability can be exploited by remote unauthenticated users capable of interacting...

CVSS: 9.8, AI score: 7.5, EPSS: 0.00757
Exploits: 0

RedhatCVE
added 2025/02/04 10:13 p.m., 1 views

CVE-2024-35293

An unauthenticated remote attacker may use a missing authentication for critical function vulnerability to reboot or erase the affected devices resulting in data loss and/or a DoS...

CVSS: 9.1, AI score: 7.5, EPSS: 0.0191
Exploits: 0, References: 1

Cvelist
added 2024/12/27 8:1 p.m., 25 views

CVE-2024-56732 HarfBuzz heap-buffer-overflow on hb_cairo_glyphs_from_buffer

HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function...

CVSS: 9.3, EPSS: 0.00343
Exploits: 0, References: 2

CVE
added 2024/12/27 12:0 a.m., 608 views

CVE-2024-56527

CVE-2024-56527 affects the TCPDF PHP class. The issue is in the Error() function, which lacks an htmlspecialchars escape for the error message. This is a code-level input handling flaw in TCPDF prior to 6.8.0. Connected advisories from Debian (DLA-4199/DSA-5933) show multiple TCPDF CVEs, includin...

CVSS: 7.5, AI score: 7.2, EPSS: 0.00469
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2024/12/18 9:15 p.m., 2 views

AZL-54557 CVE-2024-45338 affecting package telegraf for versions less than 1.29.4-10

An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service...

CVSS: 5.3, AI score: 6.6, EPSS: 0.00041
Exploits: 0, References: 1

CNNVD
added 2024/12/04 12:0 a.m., 1 views

Synology Surveillance Station Security Vulnerability

Synology Surveillance Station is an application from Synology Inc. of China. It provides intelligent monitoring and video management tools to protect your valuable assets. A security vulnerability exists in Synology Surveillance Station versions prior to 9.2.0-11289 and 9.2.0-9289. An attacker ca...

CVSS: 4.3, AI score: 6.6, EPSS: 0.00117
Exploits: 0, References: 1

CNVD
added 2024/11/15 12:0 a.m., 1 views

Tenda G3 formSetUSBPartitionUmount function command injection vulnerability

Tenda G3 is a QoS VPN router from Tenda China. Tenda G3 suffers from a command injection vulnerability, which stems from the formSetUSBPartitionUmount function failing to properly filter special characters and commands when constructing a command. The vulnerability can be exploited to execute arbitrary...

CVSS: 8.8, AI score: 8.1, EPSS: 0.05075
Exploits: 1, References: 1

CVE
added 2024/11/05 12:0 a.m., 49 views

CVE-2024-51116

CVE-2024-51116 affects Tenda AC6 router, specifically v2.0 with V15.03.06.50. The root cause is a buffer overflow in the function formSetPPTPServer caused by improper input data length validation. Reported impacts include remote arbitrary code execution or denial of service. Public exploit detail...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00224
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2024/10/22 12:0 a.m., 40 views

CVE-2024-31029

The CVE-2024-31029 issue affects FreeCoAP, originating in the server_handle_regular function of test_coap_server.c. Multiple sources (NVD, Red Hat, OSV, CNNVD, CVE lists) describe a denial-of-service condition triggered by specially crafted CoAP packets sent to the server. The precise vulnerable ...

CVSS: 8.2, AI score: 6.9, EPSS: 0.00485
Exploits: 1, References: 2, Affected Software: 1

Cvelist
added 2024/10/15 2:3 a.m., 14 views

CVE-2024-6757 Elementor <= 3.23.5 - Authenticated (Contributor+) Basic Information Exposure via get_image_alt Function

The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 3.23.5 via the get_image_alt function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVSS: 4.3, EPSS: 0.00407
Exploits: 0, References: 2

CNVD
added 2024/10/13 12:0 a.m., 1 views

AUO DIR-605L formWlanSetup_Wizard Function Buffer Overflow Vulnerability

The AUO DIR-605L is a wireless router from China's AUO D-Link. The AUO DIR-605L suffers from a buffer overflow vulnerability that originates from the webpage parameter of the formWlanSetup_Wizard function in the /goform/formWlanSetupWizard page that fails to correctly validate the length of the...

CVSS: 9, AI score: 9.1, EPSS: 0.00332
Exploits: 1, References: 1

CVE
added 2024/10/11 1:55 p.m., 37 views

CVE-2024-8530

Schneider Electric Data Center Expert suffers a Missing Authentication for Critical Function (CWE-306) vulnerability that could disclose private data when a pre-generated logcaptures archive is accessed via HTTPS. Affected: Data Center Expert (versions up to 8.1.1.3 and prior). Root cause: lack o...

CVSS: 5.9, AI score: 5.9, EPSS: 0.00162
Exploits: 0, References: 1

CNVD
added 2024/09/12 12:0 a.m., 5 views

Siemens SIMATIC RFID Readers Hidden Function Vulnerability (CNVD-2024-38007)

SIMATIC RF600 Readers are used for contactless identification of a variety of objects such as shipping containers, pallets, production goods, or often for recording bulk goods. SIMATIC RF1100 is an RFID-based solution for simple and versatile electronic authorization management. SIMATIC RF360R read...

CVSS: 7.1, AI score: 6.9, EPSS: 0.00257
Exploits: 0, References: 1

Cvelist
added 2024/09/11 12:0 a.m., 14 views

CVE-2024-44572

RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sysmgmt function...

EPSS: 0.01249
Exploits: 0, References: 2

F5 Networks
added 2024/08/29 1:54 a.m., 50 views

K000140882: OpenSSL vulnerability CVE-2024-5535

Security Advisory Description. Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as...

CVSS: 9.1, AI score: 8, EPSS: 0.06873
Exploits: 1, Affected Software: 1