CVE-2025-55587 - TOTOLINK A3002R Buffer Overflow DoS
CVE ID : CVE-2025-55587
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55587
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the hostname parameter at /boafrm/formMapDelDevice. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55588 - TOTOLINK A3002R Buffer Overflow Denial of Service
CVE ID : CVE-2025-55588
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55588
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain a buffer overflow in the fw_ip parameter at /boafrm/formPortFw. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55589 - TOTOLINK A3002R OS Command Injection Vulnerability
CVE ID : CVE-2025-55589
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55589
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain multiple OS command injection vulnerabilities via the macstr, bandstr, and clientoff parameters at /boafrm/formMapDelDevice.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55590 - TOTOLINK A3002R Command Injection Vulnerability
CVE ID : CVE-2025-55590
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55590
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK A3002R v4.0.0-B20230531.1404 was discovered to contain an command injection vulnerability via the component bupload.html.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55591 - TOTOLINK-A3002R Command Injection Vulnerability
CVE ID : CVE-2025-55591
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55591
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : TOTOLINK-A3002R v4.0.0-B20230531.1404 was discovered to contain a command injection vulnerability in the devicemac parameter in the formMapDel endpoint.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8098 - Lenovo PC Manager Privilege Escalation Vulnerability
CVE ID : CVE-2025-8098
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8098
Published : Aug. 18, 2025, 8:15 p.m. | 3 hours, 56 minutes ago
Description : An improper permission vulnerability was reported in Lenovo PC Manager that could allow a local attacker to escalate privileges.
Severity: 8.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41392 - Ashlar-Vellum Cobalt Unvalidated AR File Parsing Vulnerability
CVE ID : CVE-2025-41392
Published : Aug. 18, 2025, 9:15 p.m. | 2 hours, 56 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41392
Published : Aug. 18, 2025, 9:15 p.m. | 2 hours, 56 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53705 - Ashlar-Vellum Cobalt Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-53705
Published : Aug. 18, 2025, 9:15 p.m. | 2 hours, 56 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53705
Published : Aug. 18, 2025, 9:15 p.m. | 2 hours, 56 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9119 - Netis WF2419 Cross-Site Scripting Vulnerability in Wireless Settings Page
CVE ID : CVE-2025-9119
Published : Aug. 18, 2025, 9:15 p.m. | 2 hours, 56 minutes ago
Description : A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9119
Published : Aug. 18, 2025, 9:15 p.m. | 2 hours, 56 minutes ago
Description : A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46269 - Ashlar-Vellum Cobalt Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-46269
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-46269
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52584 - Ashlar-Vellum Cobalt Heap-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-52584
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52584
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing XE files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-53948 - Sante PACS Server Denial of Service (DoS)
CVE ID : CVE-2025-53948
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-53948
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54156 - Sante PACS Server Unencrypted Credential Exposure
CVE ID : CVE-2025-54156
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : The Sante PACS Server Web Portal sends credential information without encryption.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54156
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : The Sante PACS Server Web Portal sends credential information without encryption.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54759 - Sante PACS Server Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-54759
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54759
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : Sante PACS Server is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54862 - Sante PACS Server Stored Cross-Site Scripting (XSS)
CVE ID : CVE-2025-54862
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54862
Published : Aug. 18, 2025, 10:15 p.m. | 1 hour, 57 minutes ago
Description : Sante PACS Server web portal is vulnerable to stored cross-site scripting. An attacker could inject malicious HTML codes redirecting a user to a malicious webpage and stealing the user's cookie.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57717 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-57717
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57717
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57718 - Apache HTTP Server SSRF
CVE ID : CVE-2025-57718
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57718
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57719 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-57719
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57719
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57720 - Apache HTTP Server Unvalidated User Input
CVE ID : CVE-2025-57720
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57720
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57721 - Apache HTTP Server Authentication Bypass
CVE ID : CVE-2025-57721
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57721
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57722 - Fortinet SSL/TLS Weak Key Generation
CVE ID : CVE-2025-57722
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57722
Published : Aug. 19, 2025, 3:15 a.m. | 57 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...