
88729 matches found

ATTACKERKB
added 2025/12/18 5:2 p.m. | 2 views

CVE-2025-14879

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssidindex causes stack-based buffer overflow. It is possible to initiate the attack remotely. The explo...

CVSS 10 | AI score 6.1 | EPSS 0.05867
Exploits: 1 | References: 5 | Affected Software: 1
ATTACKERKB
added 2025/12/18 4:2 p.m. | 3 views

CVE-2025-14878

A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit...

CVSS 10 | AI score 6 | EPSS 0.00824
Exploits: 1 | References: 5 | Affected Software: 1
Cvelist
added 2025/12/18 11:21 a.m. | 22 views

CVE-2025-10910 Gaining remote control over Govee devices

A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...

CVSS 9.3 | EPSS 0.00358
Exploits: 0 | References: 1
CVE
added 2025/12/18 11:21 a.m. | 18 views

CVE-2025-10910

CVE-2025-10910 describes a binding-flaw in Govee’s cloud platform that allows a remote attacker to bind an existing online Govee device to the attacker’s account, granting full control and removing it from the legitimate owner’s account. The server-side API accepts identifiers (device, sku, type)...

CVSS 9.3 | AI score 6.4 | EPSS 0.00358
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/18 12:35 a.m. | 13 views

CVE-2025-67074

A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload field serverName to /goform/AdvSetMacMtuWan...

CVSS 6.5 | AI score 8 | EPSS 0.00334
Exploits: 1 | References: 1
Positive Technologies
added 2025/12/18 12:0 a.m. | 4 views

PT-2025-52269

Name of the Vulnerable Software and Affected Versions D-Link DIR-605 version 202WWB03 Description A flaw exists in the Firmware Update Service component of the device, allowing for command injection. This issue can be exploited remotely. The exploit is publicly available. This vulnerability affec...

CVSS 8.6 | AI score 6.9 | EPSS 0.09358
Exploits: 1 | References: 9
Positive Technologies
added 2025/12/18 12:0 a.m. | 5 views

PT-2025-52552

Name of the Vulnerable Software and Affected Versions Tenda AC18 version 15.03.05.05 Description A flaw exists in the Tenda AC18 router that could allow for remote attacks. The issue is related to the sprintf function within the HTTP Request Handler component, specifically in the file...

CVSS 9 | AI score 7.2 | EPSS 0.00671
Exploits: 1 | References: 19
Vulnrichment
added 2025/12/17 10:2 p.m. | 3 views

CVE-2025-14832 itsourcecode Online Cake Ordering System updateproduct.php sql injection

A vulnerability was identified in itsourcecode Online Cake Ordering System 1.0. The affected element is an unknown function of the file /updateproduct.php?action=edit. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicl...

CVSS 7.5 | AI score 6.8 | EPSS 0.00326
Exploits: 1 | References: 5
Positive Technologies
added 2025/12/17 12:0 a.m. | 3 views

PT-2025-51871

Name of the Vulnerable Software and Affected Versions Tenda AC10V4.0 version 16.03.10.20 Description A buffer overflow condition exists in the fromAdvSetMacMtuWan function within the httpd binary. This allows remote attackers to potentially cause a denial of service or even execute code. The issu...

CVSS 9.8 | AI score 7.2 | EPSS 0.00595
Exploits: 1 | References: 6
Redos
added 2025/12/17 12:0 a.m. | 7 views

ROS-20251217-7316

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

CVSS 8.8 | AI score 6.4 | EPSS 0.00219
Exploits: 0
Redos
added 2025/12/17 12:0 a.m. | 5 views

ROS-20251217-7314

A vulnerability in the V8 JavaScript script handler of Google Chrome browser is related to data type mixing errors. Exploitation of the vulnerability could allow a remote attacker to affect the confidentiality, integrity and availability of protected information using a specially crafted HTML pag...

CVSS 8.8 | AI score 6.4 | EPSS 0.00219
Exploits: 0
EUVD
added 2025/12/16 3:30 p.m. | 2 views

EUVD-2025-203642

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dishtradedetailget. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now...

CVSS 6.5 | AI score 6.6 | EPSS 0.00192
Exploits: 0 | References: 5
Securelist
added 2025/12/16 10:0 a.m. | 8 views

God Mode On: how we attacked a vehicle’s head unit modem

Introduction Imagine you're cruising down the highway in your brand-new electric car. All of a sudden, the massive multimedia display fills with Doom, the iconic 3D shooter game. It completely replaces the navigation map or the controls menu, and you realize someone is playing it remotely right...

CVSS 8.3 | AI score 8.9 | EPSS 0.00177
Exploits: 0
CVE
added 2025/12/16 4:48 a.m. | 12 views

CVE-2025-61976

CVE-2025-61976 affects CHOCO TEI WATCHER mini (IB-MCT001). A vulnerability described as an improper check for unusual or exceptional conditions could allow a remote attacker to send a crafted request to the Video Download interface, potentially causing the system to become unresponsive. Public so...

CVSS 8.7 | AI score 6.6 | EPSS 0.00362
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2025/12/16 12:0 a.m. | 2 views

FreshRSS path traversal vulnerability

FreshRSS is a free, self-hosted RSS aggregator from the FreshRSS open source. A path traversal vulnerability exists in FreshRSS. An attacker exploiting this vulnerability could execute code...

CVSS 8.8 | AI score 6.8 | EPSS 0.0059
Exploits: 1 | References: 8
CNNVD
added 2025/12/16 12:0 a.m. | 1 view

CTCMS security vulnerability

CTCMS Chibi CMS is a video content management system from China Chibi CMS CTCMS company. A security vulnerability exists in CTCMS 2.1.2 and earlier versions, which originates from an improper neutralization of special elements of the template engine by an unknown function in the file...

CVSS 7.2 | AI score 6.4 | EPSS 0.00378
Exploits: 1 | References: 7
Redos
added 2025/12/16 12:0 a.m. | 4 views

ROS-20251216-7373

A vulnerability in the Omnibox component of Google Chrome and Microsoft Edge browsers is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface using a specially crafted HTML page...

CVSS 4.2 | AI score 6.2 | EPSS 0.00156
Exploits: 0
Redos
added 2025/12/16 12:0 a.m. | 5 views

ROS-20251216-7372

A vulnerability in the SplitView component of Google Chrome and Microsoft Edge browsers is related to information presentation errors in the user interface. Exploitation of the vulnerability could allow an attacker acting remotely to spoof the user interface...

CVSS 4.2 | AI score 6.3 | EPSS 0.00144
Exploits: 0
Cvelist
added 2025/12/15 8:32 p.m. | 27 views

CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

CVSS 4.8 | EPSS 0.00202
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/15 8:10 a.m. | 4 views

CVE-2025-14650

A flaw has been found in itsourcecode Online Cake Ordering System 1.0. This affects an unknown part of the file /cakeshop/product.php. Executing manipulation of the argument Product can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used...

CVSS 9.8 | AI score 6.8 | EPSS 0.00345
Exploits: 1 | References: 1