CVE-2025-41355

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

PT-2026-29209

Reflected Cross-Site Scripting XSS vulnerability in Anon Proxy Server v0.104. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending him/her a malicious URL. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or ...

CVE-2025-15234

Affects: Tenda M3 router (version 1.0.0.13(4903)). Vulnerable component: /goform/setInternetLanInfo, specifically the function formSetRemoteInternetLanInfo manipulating arguments portIp/portMask/portGateWay/portDns/portSecDns, causing a heap-based buffer overflow. Impact: potential remote code ex...

CVE-2025-15234 Tenda M3 setInternetLanInfo formSetRemoteInternetLanInfo heap-based overflow

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

CVE-2025-25893

An OS command injection vulnerability was discovered in D-Link DSL-3782 v1.01 via the inIP, insPort, inePort, exsPort, exePort, and protocol parameters. This vulnerability allows attackers to execute arbitrary operating system OS commands via a crafted packet...

Mercusys Mercury X18G 跨站脚本漏洞

The Mercusys Mercury X18G is a router from the Chinese company Mercusys. A cross-site scripting vulnerability exists in MERCUSYS Mercury X18G 1.0.5 devices, which originates via manual values for the src dport start, src dport end, and dest port parameters...