
2729 matches found

Positive Technologies
added 2025/08/25 12:0 a.m. · 2 views

PT-2025-34657 · Dasan · Dasan Gpon Onu H660Wm +1

Name of the Vulnerable Software and Affected Versions: DASAN GPON ONU H660WM H660WMR210825 Description: An incorrect access control issue exists in the /cgi-bin/system_diagnostic_main.asp component, potentially allowing attackers to access sensitive information. Recommendations: At the moment,...

CVSS 6.5 · AI score 6.1 · EPSS 0.00055
Exploits 0 · References 3

CVE
added 2025/08/25 12:0 a.m. · 11 views

CVE-2025-29524

The CVE-2025-29524 entry concerns an incorrect access control flaw in the DASAN GPON ONU H660WM/H660WMR210825, specifically in the /cgi-bin/system_diagnostic_main.asp component. The disclosed issue allows attackers to access sensitive information. Documents across multiple sources confirm the com...

CVSS 6.5 · AI score 7 · EPSS 0.00055
Exploits 0 · References 1

Cvelist
added 2025/08/25 12:0 a.m. · 6 views

CVE-2025-29524

Incorrect access control in the component /cgi-bin/system_diagnostic_main.asp of DASAN GPON ONU H660WM H660WMR210825 allows attackers to access sensitive information...

EPSS 0.00055
Exploits 0 · References 1

Redos
added 2025/08/25 12:0 a.m. · 2 views

ROS-20250825-04

A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.3 · AI score 7.1 · EPSS 0.0025
Exploits 0

Cvelist
added 2025/08/24 2:2 p.m. · 8 views

CVE-2025-9390 vim xxd xxd.c main buffer overflow

A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be...

CVSS 5.3 · EPSS 0.00076
Exploits 1 · References 8

Tenable Nessus
added 2025/08/24 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2007-4306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.10.3 allow remote attackers to inject arbitrary web script or HTML via the 1 unlimnumrows, 2...

CVSS 6.8 · AI score 5.8 · EPSS 0.02243
Exploits 0 · References 2

Positive Technologies
added 2025/08/24 12:0 a.m. · 3 views

PT-2025-34566 · Vim +1 · Vim +1

Name of the Vulnerable Software and Affected Versions: vim versions prior to 9.1.1616 Description: A security flaw exists in vim due to a buffer overflow in the main function of the xxd.c file within the xxd component. The vulnerability is locally exploitable. An exploit for this issue has been...

CVSS 5.3 · AI score 5.4 · EPSS 0.00076
Exploits 1 · References 17

Tenable Nessus
added 2025/08/22 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-8585

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability, which was classified as critical, has been found in libav up to 12.3. Affected by this issue is the function main of the file /avtools/avconv.c...

CVSS 5.3 · AI score 5.2 · EPSS 0.00145
Exploits 1 · References 2

VulnCheck KEV
added 2025/08/22 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-45888

DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the action parameter in cgi-bin/mainfunction.cgi is set to setapmapconfig.'...

CVSS 8 · AI score 5.8 · EPSS 0.00415
In wild · Exploits 0 · References 2

OSV
added 2025/08/18 10:15 p.m. · 1 views

CVE-2025-53948

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

CVSS 8.7 · AI score 5.8
Exploits 0 · References 1

CVE
added 2025/08/18 9:16 p.m. · 16 views

CVE-2025-53948

CVE-2025-53948 pertains to the Sante PACS Server, where a remote attacker can crash the main thread by sending a crafted HL7 message, resulting in a denial-of-service condition. The vulnerability enables unauthenticated remote impact and requires a manual restart to restore service. Multiple sour...

CVSS 8.7 · AI score 4.8 · EPSS 0.00719
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2025/08/18 9:16 p.m. · 2 views

CVE-2025-53948 Santesoft Sante PACS Server Double Free

The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...

CVSS 8.7 · AI score 7.3 · EPSS 0.00719
Exploits 0 · References 1

Packet Storm
added 2025/08/18 12:0 a.m. · 104 views

📄 RiteCMS 3.0.0 Cross Site Scripting

RiteCMS versions 3.0.0 and below suffer from a cross site scripting vulnerability. Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting XSS Google Dork: N/A Date: 2024-08-12 Exploit Author: GURJOT SINGH Vendor Homepage: https://ritecms.com/ Software Link:...

CVSS 6.1 · AI score 5.8 · EPSS 0.00455
Exploits 4

Exploit DB
added 2025/08/18 12:0 a.m. · 406 views

RiteCMS 3.0.0 - Reflected Cross Site Scripting (XSS)

Exploit Title: RiteCMS 3.0.0 – Reflected Cross-Site Scripting XSS Google Dork: N/A Date: 2024-08-12 Exploit Author: GURJOT SINGH Vendor Homepage: https://ritecms.com/ Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.0.0/ritecms.v3.0.0.zip Version: Steps: 1. Log in or...

CVSS 6.1 · AI score 7.4 · EPSS 0.00455
Exploits 4

CNVD
added 2025/08/18 12:0 a.m. · 2 views

Medical Store Management System MainPanel.java File SQL Injection Vulnerability

Medical Store Management System is a pharmacy management system. Medical Store Management System has a SQL injection vulnerability that originates from improper filtering of searchTxt parameters in the MainPanel.java file, which can be exploited by an attacker to obtain sensitive information...

CVSS 8.8 · AI score 6.9 · EPSS 0.00262
Exploits 1 · References 1

RedhatCVE
added 2025/08/17 2:13 a.m. · 9 views

CVE-2025-9001

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be...

CVSS 7.5 · AI score 7.3 · EPSS 0.00342
Exploits 1 · References 1

NVD
added 2025/08/15 3:15 a.m. · 4 views

CVE-2025-9001

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be...

CVSS 7.5 · EPSS 0.00342
Exploits 1 · References 5

Cvelist
added 2025/08/15 2:2 a.m. · 6 views

CVE-2025-9001 LemonOS HTTP Client main.cpp HTTPGet stack-based overflow

A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be...

CVSS 6.9 · EPSS 0.00342
Exploits 1 · References 5

Tenable Nessus
added 2025/08/15 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-41029

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: nvmem: core: limit cell sysfs permissions to main attribute ones The cell sysfs attribute...

CVSS 5.5 · AI score 6.1 · EPSS 0.00013
Exploits 0 · References 2

OSV
added 2025/08/14 6:52 p.m. · 1 views

MAL-2025-23936 Malicious code in js3030-main (npm)

The package js3030-main was found to contain malicious code...

AI score 7.2
Exploits 0