CVE-2025-12554 - Missing Security Headers
CVE ID : CVE-2025-12554
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Missing Security Headers. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29270 - Deep Sea Electronics DSE855 Unauthenticated Remote Command Execution
CVE ID : CVE-2025-29270
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device.
Severity: 0.0 | NA
CVE-2025-63466 - Totolink LR350 Stack Overflow Denial of Service
CVE ID : CVE-2025-63466
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63467 - Totolink LR350 Stack Overflow Denial of Service
CVE ID : CVE-2025-63467
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_425400 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63468 - Totolink LR350 HTTP Stack Overflow Denial of Service
CVE ID : CVE-2025-63468
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host parameter in the sub_426EF8 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63469 - Totolink LR350 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-63469
Published : Oct. 31, 2025, 4:15 p.m. | 1 hour, 7 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_421BAC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-6075 - Quadratic complexity in os.path.expandvars() with user-controlled template
CVE ID : CVE-2025-6075
Published : Oct. 31, 2025, 4:41 p.m. | 41 minutes ago
Description : If the value passed to os.path.expandvars() is user-controlled, a performance degradation is possible when expanding environment variables.
Severity: 1.8 | LOW
CVE-2025-59501 - Microsoft Configuration Manager Elevation of Privilege Vulnerability
CVE ID : CVE-2025-59501
Published : Oct. 31, 2025, 4:45 p.m. | 37 minutes ago
Description : None
Severity: 4.8 | MEDIUM
CVE-2025-63460 - Totolink A7000R Stack Overflow Denial of Service
CVE ID : CVE-2025-63460
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_4222E0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63461 - Totolink A7000R Stack Overflow Denial of Service in ssid5g Parameter
CVE ID : CVE-2025-63461
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the urldecode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63462 - Totolink A7000R Stack Overflow Denial of Service
CVE ID : CVE-2025-63462
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff parameter in the sub_421A04 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63463 - Totolink LR350 Stack Based Buffer Overflow Denial of Service
CVE ID : CVE-2025-63463
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff parameter in the sub_4232EC function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-63464 - Totolink LR350 Stack Overflow Denial of Service (DoS)
CVE ID : CVE-2025-63464
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_42396C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 7.5 | HIGH
CVE-2025-63465 - Totolink LR350 Stack-Based Buffer Overflow Vulnerability
CVE ID : CVE-2025-63465
Published : Oct. 31, 2025, 5:15 p.m. | 4 hours, 10 minutes ago
Description : Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid parameter in the sub_422880 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 7.5 | HIGH
CVE-2025-62264 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)
CVE ID : CVE-2025-62264
Published : Oct. 31, 2025, 6:15 p.m. | 3 hours, 10 minutes ago
Description : Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal 7.4.3.8 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 4 through update 92 allows remote attackers to inject arbitrary web script or HTML via the `_com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_selectedLanguageId` parameter.
Severity: 5.1 | MEDIUM
CVE-2025-63459 - Totolink A7000R Stack Overflow Denial of Service
CVE ID : CVE-2025-63459
Published : Oct. 31, 2025, 6:15 p.m. | 3 hours, 10 minutes ago
Description : Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g parameter in the sub_421CF0 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA
CVE-2025-12546 - LogicalDOC Community Edition API Key creation UI cross site scripting
CVE ID : CVE-2025-12546
Published : Oct. 31, 2025, 7:15 p.m. | 2 hours, 10 minutes ago
Description : A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown part of the component API Key creation UI. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
CVE-2025-12547 - LogicalDOC Community Edition Admin Login login.jsp excessive authentication
CVE ID : CVE-2025-12547
Published : Oct. 31, 2025, 7:15 p.m. | 2 hours, 10 minutes ago
Description : A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affects unknown code of the file /login.jsp of the component Admin Login Page. Such manipulation leads to improper restriction of excessive authentication attempts. The attack can be executed remotely. This attack is characterized by high complexity. It is stated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
CVE-2025-62267 - Liferay Portal/Liferay DXP Cross-Site Scripting (XSS) Vulnerability
CVE ID : CVE-2025-62267
Published : Oct. 31, 2025, 7:15 p.m. | 2 hours, 10 minutes ago
Description : Multiple cross-site scripting (XSS) vulnerabilities in web content template’s select structure page in Liferay Portal 7.4.3.35 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 update 35 through update 92 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a user’s (1) First Name, (2) Middle Name, or (3) Last Name text field.
Severity: 4.6 | MEDIUM
CVE-2025-62618 - ELOG file upload stored XSS
CVE ID : CVE-2025-62618
Published : Oct. 31, 2025, 7:15 p.m. | 2 hours, 10 minutes ago
Description : ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in the context of other users when they open the file. Because ELOG includes usernames and password hashes in certain HTTP requests, an attacker can obtain the target's credentials and replay them or crack the password hash offline. In ELOG 3.1.5-20251014 release, HTML files are rendered as plain text.
Severity: 8.6 | HIGH
CVE-2025-63454 - Tenda AX-3 Stack Overflow Denial of Service
CVE ID : CVE-2025-63454
Published : Oct. 31, 2025, 7:15 p.m. | 2 hours, 10 minutes ago
Description : Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in the get_parentControl_list_Info function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
Severity: 0.0 | NA