522 matches found
CVE-2025-8834 JCG Link-net LW-N915R Wireless Basic Settings basic.asp cross site scripting
A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Affected is an unknown function of the file /wireless/basic.asp of the component Wireless Basic Settings Page. The manipulation of the argument Network Name leads to cross site scripting. It is possible to launch the attack...
Dell ControlVault3 cv_close arbitrary free vulnerability
Talos Vulnerability Report TALOS-2024-2129: Dell ControlVault3 cv_close arbitrary free vulnerability. August 9, 2025. CVE Number: CVE-2025-25215. Summary: An arbitrary free vulnerability exists in the cv_close functionality of Dell ControlVault3 5.14.3.0. A specially crafted ControlVault API call can lea...
The vulnerability of the system() function in the bin/goahead software for D-Link DIR-816 A2 wireless routers allows a hacker to execute arbitrary code.
The vulnerability of the system() function in the bin/goahead firmware for D-Link DIR-816 A2 wireless routers is related to the lack of measures taken to sanitize data at the control level. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
CVE-2025-54351
A flaw was found in iperf3. The recv function in net.c exhibits a buffer overflow when the --skip-rx-copy option is used with MSG_TRUNC, allowing a network attacker to trigger the overflow. This vulnerability allows an attacker to send a specially crafted message. The resulting buffer overflow may...
Vvveb injection vulnerability
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. An injection vulnerability exists in Vvveb version 1.0.5, which stems from code injection due to a misbehavior of the function Save in the file...
The vulnerability of the `open()` function in the YAML-LibYAML Perl programming language interpreter allows a malicious actor to gain unauthorized access and modify any file.
The vulnerability of the open function in the YAML-LibYAML Perl programming language interpreter involves the use of files and directories accessible from external parties. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to and modify a...
Vulnerability of the H5FS__sect_link_size() function (src/H5FSsection.c) in the HDF5 library, which allows a hacker to cause a service failure
The vulnerability of the H5FS__sect_link_size() function (src/H5FSsection.c) in the HDF5 library is related to operations outside the bounds of a memory buffer. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2025-27730 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference issue has been identified in the Linux kernel, specifically in the lenovo_se30_wdt_probe function. This issue arises because devm_ioremap returns NULL on...
CVE-2025-45931
An issue in D-Link DIR-816-A2 DIR-816A2FWv1.10CNB05R1B011D88210 allows a remote attacker to execute arbitrary code via the system function in the bin/goahead file...
Vulnerability of the mmhub_v3_3_print_l2_protection_fault_status() function in the drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c module – A driver for AMD GPU cores in Linux operating systems that allows a hacker to trigger a service failure
Vulnerability of the mmhub_v3_3_print_l2_protection_fault_status() function in the drivers/gpu/drm/amd/amdgpu/mmhub_v3_3.c module – The Linux kernel’s AMD GPU Direct Rendering Infrastructure (DRI) support driver is vulnerable due to a buffer overflow. Exploitation of this vulnerability could allow an...
Vulnerability of the adf_probe() function in the drivers/crypto/qat/qat_c3xxxvf/adf_drv.c module – a driver for the Linux kernel’s cryptographic accelerator, which allows a hacker to cause a system failure.
Vulnerability of the adf_probe() function in the drivers/crypto/qat/qat_c3xxxvf/adf_drv.c module – The driver for the Linux kernel’s cryptographic accelerator uses an uninitialized resource. Exploiting this vulnerability could allow a hacker to cause system failures...
CVE-2024-41503
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Título" (title) inside the filter Save option in the "Busca" (search) function...
CVE-2025-5192
A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions...
Server-Side Request Forgery (SSRF)
Overview: mcp-markdownify-server is a Model Context Protocol (MCP) server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...
PT-2025-23078 · Sourcecodester · Sourcecodester Computer Store System
Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Store System version 1.0. Description: A critical issue has been found in the SourceCodester Computer Store System. This issue affects the function Add of the file main.c. The manipulation of the argument...
Radashi security vulnerability
Radashi is a modern, community-first TypeScript toolkit open-sourced by Radashi. A security vulnerability exists in Radashi versions prior to 12.5.1 that stems from the set function being vulnerable to prototype pollution attacks...
CVE-2025-5126 Teledyne FLIR AX8 settingsregional.php setDataTime command injection
A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be...
CVE-2024-4280
The White Label CMS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetplugin function in all versions up to, and including, 2.7.3. This makes it possible for unauthenticated attackers to reset plugin settings...
CVE-2024-33748
Cross-site scripting (XSS) vulnerability in the search function in Maven net.mingsoft MS Basic 2.1.13.4 and earlier...
CVE-2024-34252
wasm3 v0.5.0 was discovered to contain a global buffer overflow which leads to segmentation fault via the function "PreserveRegisterIfOccupied" in wasm3/source/m3compile.c...