PT-2025-23851 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetPPTPUserList function of the file /goform/setPptpUserList. The manipulation of the list argument leads to a buffer overflow. The attack may be initiated remotely...
CVE-2025-0538
A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack...
CVE-2024-44115
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces, and nodes. There is low impact on integrity of the application...
CVE-2024-51425
An issue in the WaterToken smart contract which can be run on the Ethereum blockchain allows remote attackers to have an unspecified impact. NOTE: this is disputed by third parties because the impact is limited to function calls...
CVE-2020-35979
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_avc in ietf/rtp_pck_mpeg4.c...
PT-2025-22461 · Unknown · Freefloat Ftp Server
Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server version 1.0 Description: A critical vulnerability was found in the PROMPT Command Handler component of FreeFloat FTP Server, leading to a buffer overflow. This issue can be exploited remotely. The vulnerability is...
CVE-2025-3686 misstt123 oasys show image path traversal
A vulnerability classified as problematic was found in misstt123 oasys 1.0. Affected by this vulnerability is the function image of the file /show. The manipulation leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This...
CVE-2025-1335 CmsEasy file_admin.php deleteimg_action path traversal
A vulnerability, which was classified as problematic, was found in CmsEasy 7.7.7.9. Affected is the function deleteimg_action in the library lib/admin/file_admin.php. The manipulation of the argument imgname leads to path traversal. It is possible to launch the attack remotely. The exploit has been...
CVE-2024-46431
CVE-2024-46431 affects Tenda W18E routers (V16.01.0.8(1625)). The vulnerability is a buffer overflow in the delWewifiPic function caused by insufficient input length validation, exploitable via the web management portal by sending specially crafted data. In the connected sources, impact is descri...
PT-2024-17840 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A critical issue has been found in the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to SQL injection. The attack can be initiated...
CVE-2024-47947
Due to missing input sanitization, an attacker can perform cross-site scripting attacks and run arbitrary JavaScript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function...
PT-2024-10761 · Cypress +1 · Cypress Wireless Combo Chips +1
Name of the Vulnerable Software and Affected Versions: Cypress and Broadcom Wireless Combo chips versions prior to the January 2021 firmware update Description: The issue allows memory read access via a "Spectra" attack when a January 2021 firmware update is not present. This affects specific...
PT-2024-8355 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 16.03.10.13 Description: A critical vulnerability was found in the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to a stack-based buffer overflow. The attac...
BandiView_PoC
BandiView Vulnerability Report Vulnerability 1 Vulnerab...
PT-2024-19478 · Trendnet · Trendnet Tew-815Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-815DAP version 1.0.2.0 Description: The issue allows for Command Injection via the do_setNTP function. An authenticated attacker with administrator privileges can exploit this over the network by sending a malicious POST request...
PT-2024-25448 · Unknown · Satrya Smart Recent Posts Widget
Name of the Vulnerable Software and Affected Versions: Satrya Smart Recent Posts Widget versions 1.0.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker can...
CVE-2024-4168
A vulnerability was found in Tenda 4G300 1.01.42. It has been classified as critical. This affects the function sub_4260F0. The manipulation of the argument upfilen leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability...
CVE-2021-47213
CVE-2021-47213 is rejected and not an active vulnerability entry.
PT-2024-22478 · Freeimage +1 · Freeimage +1
Name of the Vulnerable Software and Affected Versions: FreeImage version 3.19.0 Description: The issue allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct function when reading images in J2K format. Recommendations: For FreeImage version 3.19.0, consider disabling th...