CVE-2025-42965

SAP CMC Promotion Management allows an authenticated attacker to enumerate internal network systems by submitting crafted requests during job source configuration. By analysing response times for various IP addresses and ports, the attacker can infer valid network endpoints. Successful exploitati...

Microsoft Windows Routing and Remote Access Service 安全漏洞

Microsoft Windows Routing and Remote Access Service is a network service from Microsoft Corporation USA that is used to perform functions such as network routing, virtual private networks VPNs, and dial-up connections. A security vulnerability exists in Microsoft Windows Routing and Remote Access...

CVE-2025-7117 UTT HiPER 840G websWhiteList buffer overflow

A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been...

CVE-2025-53171

Huawei HarmonyOS is affected by a stack overflow risk when parsing vector images during file preview. The vulnerability is described for HarmonyOS versions 5.0.1 and 5.1.0 and is exploited via the file preview function. Several sources confirm the issue and note the impact as related to file prev...

Exploit for CVE-2025-32023

CVE-2025-32023 PoC & Exploit for CVE-2025-32023 GHSA-rp2m-q...

CVE-2025-6752

A vulnerability has been found in Linksys WRT1900ACS, EA7200, EA7450 and EA7500 up to 20250619 and classified as critical. This vulnerability affects the function SetDefaultConnectionService of the file /upnp/control/Layer3Forwarding of the component IGD. The manipulation of the argument...

freeSSHd 1.0.9 - Denial of Service (DoS)

Exploit Title: freeSSHd 1.0.9 - Denial of Service DoS Date: 2024-01-13 Discovery by: Fernando Mengali Linkedin: https://www.linkedin.com/in/fernando-mengali/ Software Link: https://www.exploit-db.com/apps/be82447d556d60db55053d658b4822a8-freeSSHd.exe Version: 1.0.9 Tested on: Window XP Profession...

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Citrix has released security updates to address a critical flaw affecting NetScaler ADC that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-6543 , carries a CVSS score of 9.2 out of a maximum of 10.0. It has been described as a case of memory overflow that could...

CVE-2025-48463

Successful exploitation of the vulnerability could allow an attacker to intercept data and conduct session hijacking on the exposed data as the vulnerable product uses unencrypted HTTP communication, potentially leading to unauthorised access or data tampering...

CVE-2025-6401

CVE-2025-6401 affects TOTOLINK N300RH (version 6.1c.1390 B20191101). The issue resides in the HTTP POST Message Handler, specifically the file /boafrm/formFilter, where manipulation of the url parameter leads to a denial of service. Exploitation has been disclosed publicly per multiple sources. P...

CVE-2025-49970

Missing Authorization vulnerability in sparklewpthemes Hello FSE Blog hello-fse-blog allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE Blog: from n/a through = 1.0.6...

PT-2025-28194 · Gnu +1 · Gpac +1

Уязвимость функции gf dash group get audio channels media tools/dash client.c утилиты MP4Box мультимедийной платформы GPAC связана с разыменованием указателей при обработке DASH-манифестов. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код или вызвать отказ в обслужива...

CVE-2025-4404

CVE-2025-4404/7493 describe a privilege-escalation in FreeIPA: failure to validate the uniqueness of krbCanonicalName (admin@REALM, later root@REALM in some advisories) allows creation of services with the realm admin name and obtaining a Kerberos ticket that authenticates as admin, enabling admi...

CVE-2025-30220 GeoTools, GeoServer, and GeoNetwork XML External Entity (XXE) Processing Vulnerability in XSD schema handling

GeoServer is an open source server that allows users to share and edit geospatial data. GeoTools Schema class use of Eclipse XSD library to represent schema data structure is vulnerable to XML External Entity XXE exploit. This impacts whoever exposes XML processing with gt-xsd-core involved in...

BIT-MARIADB-MIN-2021-46669

MariaDB through 10.5.9 allows attackers to trigger a convertconsttoint use-after-free when the BIGINT data type is used...

CVE-2025-5910

TOTOLINK EX1200T (up to version 4.1.2cu.5232_B20210713) is affected by a buffer overflow in the HTTP POST Request Handler’s /boafrm/formWsc functionality. The vulnerability enables remote exploitation leading to potential arbitrary code execution or disruption, as described across multiple source...

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 - Request-Baskets SSRF Proof of Concept This i...

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 - Request-Baskets SSRF Proof of Concept This i...

PT-2025-24048 · Sourcecodester · Sourcecodester Open Source Clinic Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Open Source Clinic Management System version 1.0 Description: A critical issue was found in the /manage website.php file, affecting unknown code. The manipulation of the website image argument leads to unrestricted upload. The...

CVE-2025-5297

A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached...