CVE-2025-11120 - Tenda AC8 SetServerConfig formSetServerConfig buffer overflow
CVE ID : CVE-2025-11120
Published : Sept. 28, 2025, 9:15 p.m. | 2 hours, 10 minutes ago
Description : A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11120
Published : Sept. 28, 2025, 9:15 p.m. | 2 hours, 10 minutes ago
Description : A weakness has been identified in Tenda AC8 16.03.34.06. The affected element is the function formSetServerConfig of the file /goform/SetServerConfig. Executing manipulation can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11121 - Tenda AC18 AdvSetLanip command injection
CVE ID : CVE-2025-11121
Published : Sept. 28, 2025, 10:15 p.m. | 1 hour, 10 minutes ago
Description : A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11121
Published : Sept. 28, 2025, 10:15 p.m. | 1 hour, 10 minutes ago
Description : A security vulnerability has been detected in Tenda AC18 15.03.05.19. The impacted element is an unknown function of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to command injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11122 - Tenda AC18 WizardHandle stack-based overflow
CVE ID : CVE-2025-11122
Published : Sept. 28, 2025, 10:15 p.m. | 1 hour, 10 minutes ago
Description : A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11122
Published : Sept. 28, 2025, 10:15 p.m. | 1 hour, 10 minutes ago
Description : A vulnerability was detected in Tenda AC18 15.03.05.19. This affects an unknown function of the file /goform/WizardHandle. The manipulation of the argument WANT/mtuvalue results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11123 - Tenda AC18 saveAutoQos stack-based overflow
CVE ID : CVE-2025-11123
Published : Sept. 28, 2025, 10:32 p.m. | 54 minutes ago
Description : A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11123
Published : Sept. 28, 2025, 10:32 p.m. | 54 minutes ago
Description : A flaw has been found in Tenda AC18 15.03.05.19. This impacts an unknown function of the file /goform/saveAutoQos. This manipulation of the argument enable causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11124 - code-projects Project Monitoring System postjob.php cross site scripting
CVE ID : CVE-2025-11124
Published : Sept. 28, 2025, 11:02 p.m. | 24 minutes ago
Description : A vulnerability has been found in code-projects Project Monitoring System 1.0. Affected is an unknown function of the file /onlineJobSearchEngine/postjob.php. Such manipulation of the argument txtapplyto leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11124
Published : Sept. 28, 2025, 11:02 p.m. | 24 minutes ago
Description : A vulnerability has been found in code-projects Project Monitoring System 1.0. Affected is an unknown function of the file /onlineJobSearchEngine/postjob.php. Such manipulation of the argument txtapplyto leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11125 - langleyfcu Online Banking System Error Message connection_error.php cross site scripting
CVE ID : CVE-2025-11125
Published : Sept. 29, 2025, 12:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connection_error.php of the component Error Message Handler. Performing manipulation of the argument Error results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11125
Published : Sept. 29, 2025, 12:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was found in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. Affected by this vulnerability is an unknown functionality of the file /connection_error.php of the component Error Message Handler. Performing manipulation of the argument Error results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11126 - Apeman ID71 system.ini hard-coded credentials
CVE ID : CVE-2025-11126
Published : Sept. 29, 2025, 12:15 a.m. | 3 hours, 10 minutes ago
Description : A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11126
Published : Sept. 29, 2025, 12:15 a.m. | 3 hours, 10 minutes ago
Description : A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11130 - iHongRen pptp-vpn XPC Service HelperTool.m shouldAcceptNewConnection missing authentication
CVE ID : CVE-2025-11130
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11130
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11134 - Cudy TR1200 Wireless Settings config cross site scripting
CVE ID : CVE-2025-11134
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Impacted is an unknown function of the file /cgi-bin/luci/admin/network/wireless/config/ of the component Wireless Settings Page. Such manipulation of the argument SSID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11134
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Impacted is an unknown function of the file /cgi-bin/luci/admin/network/wireless/config/ of the component Wireless Settings Page. Such manipulation of the argument SSID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-7698 - Generic Plus Printer Driver Out-of-bounds Read Vulnerability
CVE ID : CVE-2025-7698
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-7698
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9903 - Generic Plus Printer Driver OOB Write Vulnerability
CVE ID : CVE-2025-9903
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9903
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-9904 - Generic Plus Printer Driver Uninitialized Memory Access Vulnerability
CVE ID : CVE-2025-9904
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-9904
Published : Sept. 29, 2025, 1:15 a.m. | 2 hours, 10 minutes ago
Description : Unallocated memory access vulnerability in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11136 - YiFang CMS Backend File.php webUploader unrestricted upload
CVE ID : CVE-2025-11136
Published : Sept. 29, 2025, 2:02 a.m. | 1 hour, 24 minutes ago
Description : A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11136
Published : Sept. 29, 2025, 2:02 a.m. | 1 hour, 24 minutes ago
Description : A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11135 - pmTicket Project-Management-Software Cookie class.database.php loadLanguage deserialization
CVE ID : CVE-2025-11135
Published : Sept. 29, 2025, 2:15 a.m. | 1 hour, 10 minutes ago
Description : A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument user_id results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11135
Published : Sept. 29, 2025, 2:15 a.m. | 1 hour, 10 minutes ago
Description : A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument user_id results in deserialization. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11137 - Gstarsoft GstarCAD File Renaming cross site scripting
CVE ID : CVE-2025-11137
Published : Sept. 29, 2025, 2:32 a.m. | 54 minutes ago
Description : A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. This affects an unknown function of the component File Renaming Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11137
Published : Sept. 29, 2025, 2:32 a.m. | 54 minutes ago
Description : A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. This affects an unknown function of the component File Renaming Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Applying a patch is the recommended action to fix this issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11138 - mirweiye wenkucms common.php createPathOne os command injection
CVE ID : CVE-2025-11138
Published : Sept. 29, 2025, 3:02 a.m. | 24 minutes ago
Description : A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11138
Published : Sept. 29, 2025, 3:02 a.m. | 24 minutes ago
Description : A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in os command injection. The attack may be launched remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11139 - Bjskzy Zhiyou ERP com.artery.form.services.FormStudioUpdater uploadStudioFile path traversal
CVE ID : CVE-2025-11139
Published : Sept. 29, 2025, 4:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11139
Published : Sept. 29, 2025, 4:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11140 - Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference
CVE ID : CVE-2025-11140
Published : Sept. 29, 2025, 4:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11140
Published : Sept. 29, 2025, 4:15 a.m. | 3 hours, 10 minutes ago
Description : A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to xml external entity reference. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-10504 - Heap Memory Corruption Vulnerability
CVE ID : CVE-2025-10504
Published : Sept. 29, 2025, 5:15 a.m. | 2 hours, 11 minutes ago
Description : Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-10504
Published : Sept. 29, 2025, 5:15 a.m. | 2 hours, 11 minutes ago
Description : Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.
Severity: 5.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11141 - Ruijie NBR2100G-E branch_passw.php listAction os command injection
CVE ID : CVE-2025-11141
Published : Sept. 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Performing manipulation of the argument city results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11141
Published : Sept. 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Performing manipulation of the argument city results in os command injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-5200 - Postie < 1.9.71 - Admin+ Stored XSS
CVE ID : CVE-2024-5200
Published : Sept. 29, 2025, 6:15 a.m. | 1 hour, 10 minutes ago
Description : The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-5200
Published : Sept. 29, 2025, 6:15 a.m. | 1 hour, 10 minutes ago
Description : The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...