CVE-2025-24332 Authenticated admin user can connect baseband internally from one board to another without needing to re-authentication

Nokia Single RAN AirScale baseband allows an authenticated administrative user access to all physical boards after performing a single login to the baseband system board. The baseband does not re-authenticate the user when they connect from the baseband system board to the baseband capacity board...

The vulnerability of the microprogrammed software of Edimax EW-7438RPn Mini wireless signal amplifiers is related to insufficient verification of input data. This allows attackers to enhance their privileges and execute arbitrary commands.

The vulnerability of the microprogramming software of Edimax EW-7438RPn Mini wireless signal amplifiers is related to insufficient checking of input data during the processing of the final command /goform/mp. Exploiting this vulnerability can allow a remote attacker to enhance their privileges an...

PT-2025-28077 · Belkin · Belkin F9K1122

Name of the Vulnerable Software and Affected Versions: Belkin F9K1122 version 1.00.33 Description: A critical issue has been found in the Belkin F9K1122, affecting the function mp of the file /goform/mp of the component webs. The manipulation of the argument command leads to os command injection...

CVE-2025-34024

An OS command injection vulnerability exists in the Edimax EW-7438RPn firmware version 1.13 and prior via the mp.asp form handler. The /goform/mp endpoint improperly handles user-supplied input to the command parameter. An authenticated attacker can inject shell commands using shell metacharacter...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquiring SRCU in KVMGETMPSTATE to protect guest memory accesses Acquiring a lock on kvm-srcu when userspace is obtaining the MP state can lead to a severe edge case where processing APIC events, such as during pending...

CVE-2025-32106

In Audiocodes Mediapack MP-11x through 6.60A.369.002, a crafted POST request request may result in an unauthenticated remote user's ability to execute unauthorized code...

CVE-2025-22905

RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp...

CVE-2024-33782

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function OTExtensionWithMatrix::extend in /OT/OTExtensionWithMatrix.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted message...

CVE-2024-33780

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::copyOut at /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted message...

CVE-2024-33781

MP-SPDZ v0.3.8 was discovered to contain a stack overflow via the function octetStream::getbytes in /Tools/octetStream.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted message...

CVE-2024-33783

MP-SPDZ v0.3.8 was discovered to contain a segmentation violation via the function osuCrypto::SilentMultiPprfReceiver::expand in /Tools/SilentPprf.cpp. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted message...

CVE-2024-48197

Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface...

CVE-2024-54009

Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information...

CVE-2022-38861

The MPlayer Project mplayer SVN-r38374-13.0.1 is vulnerable to memory corruption via function freempimage of libmpcodecs/mpimage.c...

CVE-2021-35394

Realtek Jungle SDK version v2.x up to v3.4.14B provides a diagnostic tool called 'MP Daemon' that is usually compiled as 'UDPServer' binary. The binary is affected by multiple memory corruption vulnerabilities and an arbitrary command injection vulnerability that can be exploited by remote...

CVE-2021-22747

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique...

CVE-2021-22744

Improper Check for Unusual or Exceptional Conditions vulnerability exists in Triconex Model 3009 MP installed on Tricon V11.3.x systems that could cause module reset when TCM receives malformed TriStation packets while the write-protect keyswitch is in the program position. This CVE ID is unique...

CVE-2020-23887

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service DoS via a crafted ico file. Related to a Read Access Violation starting at USER32!SmartStretchDIBits+0x33...

CVE-2020-23886

XnView MP v0.96.4 was discovered to contain a heap overflow which allows attackers to cause a denial of service DoS via a crafted pict file. Related to a User Mode Write AV starting at ntdll!RtlpLowFragHeapFree...

CVE-2019-9964

XnView MP 0.93.1 on Windows allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact via a crafted file, related to ntdll!RtlpNtMakeTemporaryKey...