CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-24925 - OpenHarmony Memory Leaks Denial of Service Vulnerability

CVE ID : CVE-2025-24925
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through missing release of memory.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-25212 - OpenHarmony Denial of Service Vulnerability

CVE ID : CVE-2025-25212
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through improper input.
Severity: 3.3 | LOW
CVE-2025-25278 - OpenHarmony TCB Race Condition Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-25278
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in the TCB through a race condition.
Severity: 8.4 | HIGH
CVE-2025-26690 - OpenHarmony NULL Pointer Dereference Denial of Service Vulnerability

CVE ID : CVE-2025-26690
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through NULL pointer dereference.
Severity: 3.3 | LOW
CVE-2025-27128 - OpenHarmony TCB Use After Free Arbitrary Code Execution

CVE ID : CVE-2025-27128
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in the TCB through use after free.
Severity: 8.4 | HIGH
CVE-2025-27536 - OpenHarmony Type Confusion DOS

CVE ID : CVE-2025-27536
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through type confusion.
Severity: 3.3 | LOW
CVE-2025-27562 - OpenHarmony DoS Memory Leak

CVE ID : CVE-2025-27562
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to cause DoS through missing release of memory.
Severity: 3.3 | LOW
CVE-2025-27577 - Apache OpenHarmony TCB Arbitrary Code Execution Vulnerability

CVE ID : CVE-2025-27577
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : OpenHarmony v5.0.3 and prior versions allow a local attacker to achieve arbitrary code execution in the TCB through a race condition.
Severity: 8.4 | HIGH
CVE-2025-8827 - Linksys Router Remote OS Command Injection Vulnerability

CVE ID : CVE-2025-8827
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function um_inspect_cross_band of the file /goform/RP_setBasicAuto. The manipulation of the argument staticGateway leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
CVE-2025-8828 - Linksys RE Series IPv6 Command Injection Vulnerability

CVE ID : CVE-2025-8828
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function ipv6cmd of the file /goform/setIpv6. The manipulation of the argument Ipv6PriDns/Ipv6SecDns/Ipv6StaticGateway/LanIpv6Addr/LanPrefixLen/pppoeUser/pppoePass/pppoeIdleTime/pppoeRedialPeriod/Ipv6in4_PrefixLen/LocalIpv6/RemoteIpv4/LanIPv6_Prefix/LanPrefixLen/ipv6to4Relay/ipv6rdRelay/tunrd_PrefixLen/wan_UseLinkLocal/Ipv6StaticIp/Ipv6PrefixLen leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
CVE-2025-8829 - Linksys Wireless Router OS Command Injection Vulnerability

CVE ID : CVE-2025-8829
Published : Aug. 11, 2025, 4:15 a.m. | 2 hours, 22 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function um_red of the file /goform/RP_setBasicAuto. The manipulation of the argument hname leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
CVE-2025-8830 - Linksys Router OS Command Injection Vulnerability

CVE ID : CVE-2025-8830
Published : Aug. 11, 2025, 5:15 a.m. | 1 hour, 23 minutes ago
Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function sub_3517C of the file /goform/setWan. The manipulation of the argument Hostname leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
CVE-2025-8831 - Linksys Wireless Router Remote Management Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-8831
Published : Aug. 11, 2025, 5:15 a.m. | 1 hour, 23 minutes ago
Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function remoteManagement of the file /goform/remoteManagement. The manipulation of the argument portNumber leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
CVE-2025-8854 - Bullet Physics LoadOFF Stack-based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8854
Published : Aug. 11, 2025, 5:15 a.m. | 1 hour, 23 minutes ago
Description : Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.
Severity: 0.0 | NA
CVE-2025-7965 - CBX Restaurant Booking WordPress CSRF Settings Update Vulnerability

CVE ID : CVE-2025-7965
Published : Aug. 11, 2025, 6:15 a.m. | 23 minutes ago
Description : The CBX Restaurant Booking WordPress plugin through 1.2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
Severity: 0.0 | NA
CVE-2025-8832 - Linksys WAP Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8832
Published : Aug. 11, 2025, 6:15 a.m. | 23 minutes ago
Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This vulnerability affects the function setDMZ of the file /goform/setDMZ. The manipulation of the argument DMZIPAddress leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
CVE-2025-8833 - Linksys RE Series Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2025-8833
Published : Aug. 11, 2025, 7:15 a.m. | 3 hours, 23 minutes ago
Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This issue affects the function langSwitchBack of the file /goform/langSwitchBack. The manipulation of the argument langSelectionOnly leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
CVE-2025-8834 - JCG Link-net LW-N915R Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-8834
Published : Aug. 11, 2025, 7:15 a.m. | 3 hours, 23 minutes ago
Description : A vulnerability has been found in JCG Link-net LW-N915R 17s.20.001.908. Affected is an unknown function of the file /wireless/basic.asp of the component Wireless Basic Settings Page. The manipulation of the argument Network Name leads to cross site scripting. It is possible to launch the attack remotely.
Severity: 2.4 | LOW
CVE-2025-8835 - JasPer Jas Image Color Space Conversion Handler Null Pointer Dereference

CVE ID : CVE-2025-8835
Published : Aug. 11, 2025, 7:15 a.m. | 3 hours, 23 minutes ago
Description : A vulnerability was found in JasPer up to 4.2.5. Affected by this vulnerability is the function jas_image_chclrspc of the file src/libjasper/base/jas_image.c of the component Image Color Space Conversion Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of the patch is bb7d62bd0a2a8e0e1fdb4d603f3305f955158c52. It is recommended to apply a patch to fix this issue.
Severity: 3.3 | LOW
CVE-2025-8660 - Apache Privilege Escalation Vulnerability

CVE ID : CVE-2025-8660
Published : Aug. 11, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : Privilege escalation occurs when a user gets access to more resources or functionality than they are normally allowed.
Severity: 0.0 | NA
CVE-2025-8661 - Apache Server Stored XSS

CVE ID : CVE-2025-8661
Published : Aug. 11, 2025, 8:15 a.m. | 2 hours, 23 minutes ago
Description : A stored Cross-Site Scripting vulnerability (XSS) occurs when the server does not properly validate or encode the data entered by the user.
Severity: 0.0 | NA