CVE-2025-60344

A path traversal directory traversal vulnerability in D-Link DSR series routers allows unauthenticated remote attackers to manipulate input parameters used for file or directory path resolution e.g., via sequences such as “../”. Successful exploitation may allow access to files outside of the...

EUVD-2024-54809

Malicious code in bioql PyPI...

CVE-2024-53287

Synology Router Manager (SRM) is affected by CVE-2024-53287: an XSS in the VPN Setting functionality where improper input neutralization during web page generation allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. Affec...

PT-2025-30520 · Synology · Synology Router Manager

Name of the Vulnerable Software and Affected Versions: Synology Router Manager SRM versions prior to 1.3.1-9346-11 Description: A cross-site scripting XSS issue exists in the VPN Setting functionality. This allows remote authenticated users with administrator privileges to inject arbitrary web...

CVE-2025-25250

An Exposure of Sensitive Information to an Unauthorized Actor vulnerability CWE-200 in FortiOS version 7.6.0, version 7.4.7 and below, 7.2 all versions, 7.0 all versions, 6.4 all versions SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via crafted URL...

CVE-2025-25250

FortiOS contains an Information Disclosure vulnerability (CWE-200) affecting SSL-VPN web-mode that can allow an authenticated user to view full SSL-VPN settings via a crafted URL. Affected versions include FortiOS 7.6.0, 7.4.7 and earlier, and all 7.2/7.0/6.4 releases. CVSSv3.1 base score 4.3 (Ne...

PT-2025-24717 · Fortinet · Fortios

Name of the Vulnerable Software and Affected Versions: FortiOS versions 6.4 and earlier FortiOS versions 7.0 and earlier FortiOS versions 7.2 and earlier FortiOS versions 7.4.7 and earlier FortiOS version 7.6.0 Description: The issue allows an authenticated user to access full SSL-VPN settings vi...

Fortinet FortiOS 信息泄露漏洞

Fortinet FortiOS is a set of security operating systems dedicated to the FortiGate network security platform from the U.S. company Fiat Fortinet. The system provides users with firewall, antivirus, IPSec/SSLVPN, Web content filtering and anti-spam and other security features. An information...

CVE-2022-46566

D-Link DIR-882 DIR882A1FW130B06, DIR-878 DIR878FW1.30B08 was discovered to contain a stack overflow via the Password parameter in the SetQuickVPNSettings module...

D-Link DIR-853 Password Parameter Buffer Overflow Vulnerability

The D-Link DIR-853 is a dual-band wireless router that supports the 802.11ac protocol and provides dual-band 2.4GHz up to 400Mbps and 5GHz up to 867Mbps network connectivity for HD video streaming and online gaming. The D-Link DIR-853 suffers from a buffer overflow vulnerability that originates...

D-Link DIR-853 PSK Parameter Buffer Overflow Vulnerability

The D-Link DIR-853 is a dual-band wireless router that supports the 802.11ac protocol and provides dual-band 2.4GHz up to 400Mbps and 5GHz up to 867Mbps network connectivity for HD video streaming and online gaming. The D-Link DIR-853 suffers from a buffer overflow vulnerability that originates...

The vulnerability in the `prog.cgi` script of the SetQuickVPNSettings module of the D-Link DIR-853 A1 router’s software allows a hacker to cause a service failure.

The vulnerability in the prog.cgi script of the SetQuickVPNSettings module of the D-Link DIR-853 A1 router operating system is related to buffer overflow during the processing of the Password parameter. Exploiting this vulnerability can allow an attacker to cause a service failure remotely...

CVE-2023-51615

D-Link DIR-X3260 prog.cgi SetQuickVPNSettings PSK Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Authentication is required to exploit this...

D-Link DIR-X3260 安全漏洞

D-Link DIR-X3260 is a Wi-Fi 6 router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-X3260 that stems from a prog.cgi SetQuickVPNSettings PSK stack-based buffer overflow remote code execution vulnerability...

The vulnerability of Mozilla VPN’s network software for clients, related to authentication procedures that allow attackers to circumvent existing security restrictions and set arbitrary VPN settings.

The vulnerability of Mozilla VPN’s network software for clients is related to deficiencies in the authentication process. Exploiting this vulnerability allows attackers to circumvent existing security restrictions and set arbitrary VPN settings...

PT-2023-8306 · D Link · D-Link Dir-X3260

Name of the Vulnerable Software and Affected Versions: D-Link DIR-X3260 affected versions not specified Description: The issue is related to a buffer overflow vulnerability in the prog.cgi component of D-Link DIR-X3260 Wi-Fi routers, allowing remote attackers to execute arbitrary code. The...

ASB-A-205460459

In onResume of AppManagementFragment.java, there is a possible way to prevent users from forgetting a previously connected VPN due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-46562

D-Link DIR-882 DIR882A1FW130B06, DIR-878 DIR878FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module...

D-Link DIR-882 缓冲区错误漏洞

D-Link DIR-882 is a wireless router from China Youxun D-Link.D-Link DIR-882 DIR882A1FW130B06 has a security vulnerability that stems from a PSK parameter found through the SetQuickVPNSettings module that contains a stack overflow. No detailed vulnerability details are currently available...

OPENSUSE-SU-2022:10088-1 Security update for opera

This update for opera fixes the following issues: Opera was updated to 89.0.4447.71 - CHR-8957 Update chromium on desktop-stable-103-4447 to 103.0.5060.134 - DNA-100492 authPrivate.storeCredentials should work with running auth session - DNA-100649 “Sign out” from settings doesn’t also sign out...