3871 matches found
CVE-2025-10089
Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...
CVE-2025-10089 Malicious Code Execution Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S
Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...
CVE-2025-10089
CVE-2025-10089 affects Mitsubishi Electric MILCO.S family (Setting/IR Setting/Easy Setting/Easy Switch) with an Uncontrolled Search Path Element vulnerability during installation. A local attacker could cause the installer to load a malicious DLL, enabling code execution. If MILCO.S Lighting Cont...
EUVD-2025-197931
Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...
CVE-2025-10089 Malicious Code Execution Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S
Uncontrolled Search Path Element Vulnerability in Setting and Operation Application for Lighting Control System MILCO.S Setting Application all versions, MILCO.S Setting Application IR all versions, MILCO.S Easy Setting Application IR all versions, and MILCO.S Easy Switch Application IR all...
WordPress plugin Download Panel 安全漏洞
WordPress Download Panel plugin is a tool for managing, tracking and controlling WordPress website file downloads, supports custom post types, drag-and-drop uploads, access control, etc. It allows you to set download speed, password protection and IP blocking, and provides rich download templates...
Mitsubishi Electric多款产品 安全漏洞
Mitsubishi Electric MILCO.S Setting Application and Mitsubishi Electric MILCO.S Easy Switch Application are both products of Mitsubishi Electric Japan. Mitsubishi Electric MILCO.S Setting Application is a companion software for lighting control systems.Mitsubishi Electric MILCO.S Easy Switch...
EUVD-2025-197817
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed...
CVE-2025-13288 Tenda CH22 PPTPUserSetting fromPptpUserSetting buffer overflow
A security vulnerability has been detected in Tenda CH22 1.0.0.1. This impacts the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed...
CVE-2025-13288
CVE-2025-13288 affects Tenda CH22 firmware 1.0.0.1. The vulnerability is in the fromPptpUserSetting function (file /goform/PPTPUserSetting); manipulating the delno argument triggers a buffer overflow. This condition enables remote, unauthenticated access with high impact on confidentiality, integ...
CVE-2025-41436
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
CVE-2025-41436
Mattermost versions 11.0 fail to properly enforce the "Allow users to view archived channels" setting which allows regular users to access archived channel content and files via the "Open in Channel" functionality from followed threads...
Cross-site Scripting (XSS)
Overview astro is an Astro is a modern site builder with web best practices, performance, and DX front-of-mind. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the corrected variable in the error page template when the trailingSlash configuration is set to 'always...
CVE-2025-64726
Socket Firewall (sfw) is affected for binary versions prior to 0.15.5. The vulnerability allows arbitrary code execution when run in an untrusted project directory by placing a malicious .sfw.config; loading the file populates environment variables into the Node.js process, enabling an attacker t...
CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw
Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...
CVE-2025-60700
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and librcm.so binaries. The sub4455BC function in prog.cgi stores user-supplied SetDMZSettings/IPAddress values in NVRAM via nvramsafeset"dmzipaddr", .... These values are later...
CVE-2025-40157
A flaw was found in the Linux kernel's i10nmedac driver. A local user with elevated privileges could trigger a denial of service when the driver is loaded on systems where a memory controller is disabled by the BIOS due to unpopulated memory modules DIMMs. This specific condition causes a...
CVE-2025-60698
A command injection vulnerability exists in the D-Link DIR-882 Router firmware DIR882A1FW102B02 within the prog.cgi and rc binaries. The sub432F60 function in prog.cgi stores user-supplied SetSysLogSettings/IPAddress values in NVRAM via nvramsafeset"SysLogRemoteIPAddress", .... These values are...
EUVD-2025-131921
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...
python-kdcproxy: Unauthenticated SSRF via Realm‑Controlled DNS SRV
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. This creates a server-side request forgery vulnerability, since an attacker could send a request f...