
2742 matches found

EUVD
added 2025/12/22 1:32 a.m., 3 views

EUVD-2025-204684

A security vulnerability has been detected in Tenda WH450 1.0.0.18. Affected by this issue is some unknown functionality of the file /goform/L7Im of the component HTTP Request Handler. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely...

CVSS 10 | AI score 6.8 | EPSS 0.0086
Exploits: 1 | References: 7

ATTACKERKB
added 2025/12/22 1:02 a.m., 2 views

CVE-2025-15006

A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated...

CVSS 10 | AI score 6.3 | EPSS 0.0083
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/12/21 4:32 a.m., 16 views

CVE-2025-14993 Tenda AC18 HTTP Request SetDlnaCfg sprintf stack-based overflow

A vulnerability was detected in Tenda AC18 15.03.05.05. This affects the function sprintf of the file /goform/SetDlnaCfg of the component HTTP Request Handler. The manipulation of the argument scanList results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now...

CVSS 9 | EPSS 0.00671
Exploits: 1 | References: 6

CVE
added 2025/12/21 4:32 a.m., 18 views

CVE-2025-14993

CVE-2025-14993 affects Tenda AC18 v15.03.05.05 in the HTTP Request Handler's SetDlnaCfg, where improper handling of the scanList argument in sprintf causes a stack-based buffer overflow. This vulnerability is exploitable remotely, and multiple sources indicate a public exploit exists....

CVSS 9 | AI score 7.2 | EPSS 0.00671
Exploits: 1 | References: 6 | Affected Software: 1

Positive Technologies
added 2025/12/21 12:00 a.m., 3 views

PT-2025-52600

Name of the Vulnerable Software and Affected Versions: Tenda WH450 version 1.0.0.18. Description: A security issue exists in Tenda WH450 version 1.0.0.18 related to a stack-based buffer overflow. The issue is located within the HTTP Request Handler component, specifically in the file /goform/L7Im...

CVSS 10 | AI score 7 | EPSS 0.0086
Exploits: 1 | References: 19

RedhatCVE
added 2025/12/20 8:14 p.m., 9 views

CVE-2025-12874

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes Free/Busy Connector modules allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker to bypass access...

CVSS 6.3 | AI score 6.9 | EPSS 0.00392
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/19 6:29 a.m., 3 views

CVE-2025-68389

A flaw was found in Kibana. A low-privileged authenticated user can exploit this vulnerability by sending a specially crafted HTTP request, leading to an excessive allocation of computing resources. This can result in a denial of service (DoS) for the Kibana process, making the service unavailable ...

CVSS 6.5 | AI score 5.9 | EPSS 0.00271
Exploits: 0 | References: 4

EUVD
added 2025/12/19 12:31 a.m., 3 views

EUVD-2025-204408

Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request...

CVSS 6.5 | AI score 6 | EPSS 0.00271
Exploits: 0 | References: 2

Github Security Blog
added 2025/12/19 12:31 a.m., 6 views

Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request...

CVSS 4.9 | AI score 6.7 | EPSS 0.00329
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2025/12/19 12:31 a.m., 2 views

GHSA-GPHJ-4H6P-37XQ Elasticsearch privileged authenticated users can cause DoS through Excessive Resource Allocation

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request...

CVSS 4.9 | AI score 6.6 | EPSS 0.00329
Exploits: 0 | References: 4

CNNVD
added 2025/12/19 12:00 a.m., 5 views

Quest Coexistence Manager for Notes Security Vulnerability

Quest Coexistence Manager for Notes is a data synchronization software from Quest USA. A security vulnerability exists in Quest Coexistence Manager for Notes, which stems from an inconsistent HTTP request/response interpretation that could lead to an HTTP request entrapment attack...

CVSS 6.3 | AI score 6.7 | EPSS 0.00392
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/18 10:32 p.m., 1 view

CVE-2025-68422 Kibana Improper Authorization

Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to bypass intended permission restrictions via a crafted HTTP request. This allows an attacker who lacks the live queries - read permission to successfully retrieve the list of li...

CVSS 4.3 | AI score 6.4 | EPSS 0.00197
Exploits: 0 | References: 1

CVE
added 2025/12/18 10:21 p.m., 11 views

CVE-2025-68386

CVE-2025-68386 (Kibana): A vulnerability described as Improper Authorization (CWE-285) could allow an authenticated user to escalate privileges by changing a document's sharing type to "global" via a crafted HTTP request, making it visible to everyone in the space. The issue arises from insuffic...

CVSS 4.3 | AI score 6.5 | EPSS 0.00164
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2025/12/18 10:14 p.m., 10 views

CVE-2025-68389

CVE-2025-68389 affects Kibana (Allocation of Resources Without Limits or Throttling, CWE-770). A low-privileged authenticated user can trigger excessive resource allocation and DoS of the Kibana process via a crafted HTTP request. The vulnerability is supported by multiple sources (NVD, OSV, Red ...

CVSS 6.5 | AI score 6.2 | EPSS 0.00271
Exploits: 0 | References: 1 | Affected Software: 1

Elastic
added 2025/12/18 9:26 p.m., 7 views

Kibana 8.19.9, 9.1.9, and 9.2.3 Security Update (ESA-2025-36)

Kibana Allocation of Resources Without Limits or Throttling (ESA-2025-36): Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana...

CVSS 6.5 | AI score 6.6 | EPSS 0.00271
Exploits: 0

Vulnrichment
added 2025/12/18 5:02 p.m., 3 views

CVE-2025-14879 Tenda WH450 HTTP Request onSSIDChange stack-based overflow

A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssidindex causes stack-based buffer overflow. It is possible to initiate the attack remotely. The explo...

CVSS 10 | AI score 9.4 | EPSS 0.05867
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/18 12:00 a.m., 3 views

PT-2025-52371

Name of the Vulnerable Software and Affected Versions: Kibana (affected versions not specified). Description: An improper authorization issue exists in Kibana that can lead to privilege escalation. An authenticated user can modify a document's sharing type to "global" without the necessary permissions...

CVSS 4.3 | AI score 6.2 | EPSS 0.00164
Exploits: 0 | References: 6

OSV
added 2025/12/15 5:15 p.m., 2 views

CVE-2025-65742

An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request...

CVSS 8.2 | AI score 5.8 | EPSS 0.00256
Exploits: 1 | References: 2

CNNVD
added 2025/12/15 12:00 a.m., 3 views

Phpjabbers Member Login Script Environmental Issue Vulnerability

Phpjabbers Member Login Script is a Phpjabbers open source account management framework. An environmental issue vulnerability exists in Phpjabbers Member Login Script version 3.3, which stems from a client-side desynchronization vulnerability that could lead to manipulation of HTTP request...

CVSS 6.9 | AI score 6.7 | EPSS 0.00309
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/12 1:06 a.m., 5 views

CVE-2025-56084

OS Command Injection vulnerability in Ruijie RG-EW1800GX PRO B11P226EW1800GX-PRO10223117 allowing attackers to execute arbitrary commands via a crafted POST request to the moduleset in file /usr/local/lua/devsta/nbrcwmp.lua...

CVSS 8.8 | AI score 7.9 | EPSS 0.0185
Exploits: 0 | References: 1