CVE-2024-39608

A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability...

CVE-2024-39801

CVE-2024-39801 affects Wavlink AC3000 (M33A8.V5030.210505). Talos reports multiple buffer-overflow vulnerabilities in qos.cgi qos_settings(), notably in the qos_bandwidth field (and related qos_dat/sel_mode parameters). In the affected function, these fields are strdup’d and later used to compose...

Wavlink AC3000 wireless.cgi SetName() buffer overflow vulnerability

Talos Vulnerability Report TALOS-2024-2039 Wavlink AC3000 wireless.cgi SetName buffer overflow vulnerability January 14, 2025 CVE Number CVE-2024-39357 SUMMARY A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName functionality of Wavlink AC3000 M33A8.V5030.210505. A...

CVE-2024-57473

H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to...

Advisory ROSA-SA-2025-2562

Software: xerces-c 3.1.1 OS: rosa-server79 packageevrstring: xerces-c-3.1.1-10.0.1.res7 CVE-ID: CVE-2023-37536 BDU-ID: 2023-06960 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Heerces C++ library of the BigFix Platform IT Collaborative Management Platform is caused by an integer overflow...

WAVLINK WN701AE 安全漏洞

WAVLINK WN701AE is a router developed by China RuiYin Technology WAVLINK. The WAVLINK WN701AE suffers from a hard-coded vulnerability that can be exploited by an attacker to submit a special request to access the system as root...

CVE-2024-40405

Incorrect access control in Cybele Software Thinfinity Workspace before v7.0.3.109 allows attackers to gain access to a secondary broker via a crafted request...

CVE-2024-39720

An issue was discovered in Ollama before 0.1.46. An attacker can use two HTTP requests to upload a malformed GGUF file containing just 4 bytes starting with the GGUF custom magic header. By leveraging a custom Modelfile that includes a FROM statement pointing to the attacker-controlled blob file,...

PT-2024-6594 · Draytek · Draytek Vigor 3910

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3910 devices through 4.3.2.6 Description: The issue is a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs. This can be exploited by...

OpenEMR has an unspecified vulnerability (CNVD-2024-31488)

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing and medical billing requests. A security vulnerability exists in OpenEMR version 7.0.2. An attacker can exploit...

Medium: amazon-ecr-credential-helper

Issue Overview: A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of da...

CVE-2024-36050

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request...

D-Link DIR-845 安全漏洞

The D-Link DIR-845L is a wireless router from China-based AUO D-Link. The D-Link DIR-845L suffers from a command execution vulnerability that can be exploited by an attacker to execute arbitrary commands on the system by sending a specially crafted request...

CVE-2023-49715

A unrestricted php file upload vulnerability exists in the import.json.php temporary copy functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to arbitrary code execution when chained with an LFI vulnerability. An attacker can send a series of HTTP...

SICK APU Security Vulnerability

SICK APU is a railroad analysis system from SICK, Germany. A security vulnerability exists in the SICK APU RDT400 that originates from a vulnerability that allows an attacker to change the path to a file using an HTTP request so that the site fails to load the necessary strings...

D-Link DAP-2622 Stack Buffer Overflow Remote Code Execution Vulnerability (CNVD-2026-07091)

The D-Link DAP-2622 is an enterprise-grade wireless access point AP from AUO D-Link, which is mainly used for wireless network coverage in commercial or enterprise environments. The D-Link DAP-2622 suffers from a stack buffer overflow remote code execution vulnerability that stems from a...

D-Link DAP-2660 安全漏洞

The D-Link DAP-2660 is a wireless device from China AUO D-Link. A security vulnerability exists in D-Link DAP-2660 v1.13, which stems from a buffer overflow vulnerability in the parameter fipv6enable. An attacker can exploit the vulnerability by designing a POST request...

CVE-2023-38949

An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request...

CVE-2023-38958

An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request...

CVE-2023-25122

Multiple buffer overflow vulnerabilities exist in the vtyshubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...