88729 matches found
libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion
A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...
CVE-2025-14528
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZEDGROUP results in information disclosure. The attack may be performed from remote. The exploit is no...
CVE-2025-14528
The CVE-2025-14528 issue affects D-Link DIR-803 routers (firmware up to 1.04, A1 era). A vulnerability in the Configuration Handler’s /getcfg.php allows manipulation of the AUTHORIZED_GROUP parameter via newline injection, resulting in an authentication bypass and exposure of administrator creden...
CVE-2025-14522
A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/uploadjson.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the...
CVE-2025-14519 baowzh hfly advtext add cross site scripting
A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed...
mysql: InnoDB unspecified vulnerability (CPU Oct 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
SUSE CVE-2025-14087
A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
PT-2025-50647
Name of the Vulnerable Software and Affected Versions SourceCodester Real Estate Property Listing App version 1.0 Description A flaw exists in SourceCodester Real Estate Property Listing App version 1.0 that allows for unrestricted file uploads. This is due to manipulation of the image argument...
CVE-2020-36898
QiHang Media Web Digital Signage 3.0.9 contains an unauthenticated file deletion vulnerability in the QH.aspx endpoint that allows remote attackers to delete files without authentication. Attackers can exploit the 'data' parameter by sending a POST request with file paths to delete arbitrary file...
mysql: InnoDB unspecified vulnerability (CPU Oct 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2025-41732 Stack-based buffer overflow via unsafe sscanf in check_cookie()
An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...
EUVD-2025-202405
A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings...
CVE-2025-14087
A flaw was found in GLib Gnome Lib. This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. Mitigation Mitigation for this issu...
CVE-2025-41692
A high privileged remote attacker with admin privileges for the webUI can brute-force the "root" and "user" passwords of the underlying OS due to a weak password generation algorithm...
(0Day) Microsoft SharePoint Calendar Overlay Hyperlink Injection Vulnerability
This vulnerability allows remote attackers to inject unexpected hyperlinks on affected installations of Microsoft SharePoint. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
(0Day) Microsoft Windows MP4 File Parsing Null Pointer Dereference Denial-of-Service Vulnerability
This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within th...
PT-2025-50503
Name of the Vulnerable Software and Affected Versions Meatmeet affected versions not specified Description An attacker within Bluetooth Low Energy BLE range can send commands to Meatmeet devices, leading to a Denial of Service. Specifically, the attacker can issue shutdown, restart, or clear conf...
EUVD-2025-202321
A flaw has been found in itsourcecode Student Management System 1.0. Affected is an unknown function of the file /newadviser.php. Executing manipulation of the argument Name can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used...
CVE-2025-14337
A vulnerability was determined in itsourcecode Student Management System 1.0. This affects an unknown part of the file /newgrade.php. This manipulation of the argument grade causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized...
CVE-2025-14336
A vulnerability was found in itsourcecode Student Management System 1.0. Affected by this issue is some unknown functionality of the file /promote.php. The manipulation of the argument sy results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and...