PT-2025-47045

Name of the Vulnerable Software and Affected Versions D-Link DIR-816L version 2 06 b09 beta Description A stack-based buffer overflow exists in the scandir main function of the /portal/ ajax exporer.sgi file. This flaw can be exploited remotely. The argument en can be manipulated to trigger the...

CVE-2025-58185

Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion...

CVE-2025-58183

tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a...

CVE-2025-61724

The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption...

CVE-2025-58186

Despite HTTP headers having a default limit of 1MB, the number of cookies that can be parsed does not have a limit. By sending a lot of very small cookies such as "a=;", an attacker can make an HTTP server allocate a large amount of structs, causing large memory consumption...

CVE-2025-34305

IPFire versions prior to 2.29 Core Update 198 contain multiple stored cross-site scripting XSS vulnerabilities caused by a bug in the cleanhtml function /var/ipfire/header.pl that fails to apply HTML-entity encoding to user input. When an authenticated user submits data to affected endpoints - fo...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices NULL Pointer Dereference (CVE-2024-47692)

In the Linux kernel, the following vulnerability has been resolved: nfsd: return -EINVAL when namelen is 0 When we have a corrupted main.sqlite in /var/lib/nfs/nfsdcld/, it may result in namelen being 0, which will cause memdupuser to return ZEROSIZEPTR. When we access the name.data that has been...

TOTOLINK N600R main function null pointer dereference vulnerability

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a null pointer dereference vulnerability, which stems from the presen...

NewStart CGSL MAIN 7.02 : pam Vulnerability (NS-SA-2025-0252)

The remote NewStart CGSL host, running version MAIN 7.02, has pam packages installed that are affected by a vulnerability: - A flaw was found in linux-pam. The module pamnamespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to...

CVE-2025-60335

A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866B20220506 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

EUVD-2025-35585

A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866B20220506 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2025-60335

A NULL pointer dereference in the main function of TOTOLINK N600R v4.3.0cu.7866B20220506 allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2025-60335

CVE-2025-60335 affects TOTOLINK N600R (v4.3.0cu.7866_B20220506). The main function contains a null pointer dereference that can be triggered by a crafted HTTP request, enabling a Denial of Service. CVSS v3.1 base score 7.5 (HIGH) with network attack vector, no privileges, no user interaction requ...

TOTOLINK N600R 安全漏洞

TOTOLINK N600R is a dual-band wireless router launched by Korean brand TOTOLINK in 2013, which supports 2.4GHz and 5GHz dual-band concurrency with a maximum wireless transmission rate of 300Mbps. The TOTOLINK N600R suffers from a null pointer dereference vulnerability, which stems from the presen...

CVE-2025-57521

Bambu Studio 2.1.1.52 and earlier is affected by a vulnerability that allows arbitrary code execution during application startup. The application loads a network plugin without validating its digital signature or verifying its authenticity. A local attacker can exploit this behavior by placing a...

JLSEC-2025-122 A null pointer dereference issue was discovered in 'FFmpeg' in decode_main_header() function of liba...

A null pointer dereference issue was discovered in 'FFmpeg' in decodemainheader function of libavformat/nutdec.c file. The flaw occurs because the function lacks check of the return value of avformatnewstream and triggers the null pointer dereference error, causing an application to crash...

ULTIMATE-CYBERSECURITY-MASTER-GUIDE

🛡️ ULTIMATE CYBERSECURITY MASTER GUIDE COLLECTION 📊 Comple...

CVE-2025-11665 D-Link DAP-2695 Firmware Update rgbin fwupdater_main os command injection

A vulnerability was detected in D-Link DAP-2695 2.00RC131. This affects the function fwupdatermain of the file rgbin of the component Firmware Update Handler. Performing manipulation results in os command injection. The attack may be initiated remotely. This vulnerability only affects products th...

Linux Distros Unpatched Vulnerability : CVE-2023-53495

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mvpp2main: fix possible OOB write in mvpp2ethtoolgetrxnfc rules is allocated ...

EUVD-2016-9615

Malware in sbrugna...