CVE-2025-6143 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID : CVE-2025-6143
Published : June 16, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6143
Published : June 16, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6144 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID : CVE-2025-6144
Published : June 16, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6144
Published : June 16, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6145 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID : CVE-2025-6145
Published : June 16, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6145
Published : June 16, 2025, 11:15 p.m. | 56 minutes ago
Description : A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6151 - TP-Link TL-WR940N Buffer Overflow Vulnerability
CVE ID : CVE-2025-6151
Published : June 17, 2025, 1:15 a.m. | 2 hours, 56 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6151
Published : June 17, 2025, 1:15 a.m. | 2 hours, 56 minutes ago
Description : A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3774 - WordPress Wise Chat Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-3774
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3774
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4775 - WordPress Infinite Scroll - Ajax Load More Stored Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-4775
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4775
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5673 - WordPress Blog2Social SQL Injection Vulnerability
CVE ID : CVE-2025-5673
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5673
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : The Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress is vulnerable to SQL Injection via the ‘prgSortPostType’ parameter in all versions up to, and including, 8.4.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6152 - Steel Browser Path Traversal Vulnerability
CVE ID : CVE-2025-6152
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6152
Published : June 17, 2025, 2:15 a.m. | 1 hour, 56 minutes ago
Description : A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. The patch is named 7ba93a10000fb77ee01731478ef40551a27bd5b9. It is recommended to apply a patch to fix this issue.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-21856 - Apache Struts Cross-Site Scripting (XSS)
CVE ID : CVE-2024-21856
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-21856
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-43422 - Apache HTTP Server Cross-Site Scripting
CVE ID : CVE-2024-43422
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-43422
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45065 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2024-45065
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45065
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45069 - Apache HTTP Server Remote Code Execution
CVE ID : CVE-2024-45069
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45069
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-45380 - Here is a title for a vulnerability: Apache Struts Deserialization Vulnerability
CVE ID : CVE-2024-45380
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-45380
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: This candidate was in a CNA pool that was not assigned to any issues during 2024.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-49823 - Anaconda Constructor Command Injection Vulnerability
CVE ID : CVE-2025-49823
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3.
Severity: 0.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-49823
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code. Although the script runs with user privileges (not root), an attacker could exploit this by injecting arbitrary commands through a malicious path during installation. Exploitation requires explicit user action. This issue has been patched in version 3.11.3.
Severity: 0.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52437 - Cisco WebEx Meeting Server Cross-Site Request Forgery (CSRF)
CVE ID : CVE-2025-52437
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52437
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52438 - Adobe Flash Remote Code Execution
CVE ID : CVE-2025-52438
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52438
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52439 - Cisco WebEx Meeting Center Unvalidated Redirect
CVE ID : CVE-2025-52439
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52439
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52440 - Cisco Webex Meeting Server Authentication Bypass
CVE ID : CVE-2025-52440
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52440
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52441 - Apache HTTP Server Cross-Site Request Forgery
CVE ID : CVE-2025-52441
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52441
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52442 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-52442
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52442
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52443 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-52443
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52443
Published : June 17, 2025, 3:15 a.m. | 56 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...