CVE-2025-69647 - Apache GNU Binutils Denial-of-Service
CVE ID: CVE-2025-69647
Published: March 9, 2026, 3:15 p.m.
Description: GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
Severity: 0.0 | NA
CVE-2025-69648 - Apache GNU Binutils Denial-of-Service Vulnerability
CVE ID: CVE-2025-69648
Published: March 9, 2026, 3:15 p.m.
Description: GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debug_rnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a non-terminating output loop that requires manual interruption. No evidence of memory corruption or code execution was observed.
Severity: 0.0 | NA
CVE-2025-70059 - YMFE yapi Uncontrolled Resource Consumption Vulnerability
CVE ID: CVE-2025-70059
Published: March 9, 2026, 3:15 p.m.
Description: An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
Severity: 0.0 | NA
CVE-2025-70238 - D-Link DIR-513 Stack Buffer Overflow Vulnerability
CVE ID: CVE-2025-70238
Published: March 9, 2026, 3:15 p.m.
Description: Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
Severity: 0.0 | NA
CVE-2025-70243 - D-Link DIR-513 Stack Buffer Overflow
CVE ID: CVE-2025-70243
Published: March 9, 2026, 3:15 p.m.
Description: Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.
Severity: 0.0 | NA
CVE-2025-70250 - D-Link DIR-513 Buffer Overflow Vulnerability
CVE ID: CVE-2025-70250
Published: March 9, 2026, 3:15 p.m.
Description: Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.
Severity: 0.0 | NA
CVE-2024-14027 - xattr: switch to CLASS(fd)
CVE ID: CVE-2024-14027
Published: March 9, 2026, 4:16 p.m.
Description: In the Linux kernel, the following vulnerability has been resolved: fs/xattr: missing fdput() in fremovexattr error path. In the Linux kernel, the fremovexattr() syscall calls fdget() to acquire a file reference but returns early without calling fdput() when strncpy_from_user() fails on the name argument. In multi-threaded processes where fdget() takes the slow path, this permanently leaks one file reference per call, pinning the struct file and associated kernel objects in memory. An unprivileged local user can exploit this to cause kernel memory exhaustion. The issue was inadvertently fixed by commit a71874379ec8 ("xattr: switch to CLASS(fd)").
Severity: 0.0 | NA
CVE-2025-70040 - LupinLin1 jimeng-web-mcp Sensitive Information Disclosure
CVE ID: CVE-2025-70040
Published: March 9, 2026, 4:16 p.m.
Description: An issue pertaining to CWE-532: Insertion of Sensitive Information into Log File was discovered in LupinLin1 jimeng-web-mcp v2.1.2. This allows an attacker to obtain sensitive information.
Severity: 5.3 | MEDIUM
CVE-2025-70042 - ThermaKube oslabs-beta Server-Side Request Forgery Vulnerability
CVE ID: CVE-2025-70042
Published: March 9, 2026, 4:16 p.m.
Description: An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.
Severity: 0.0 | NA
CVE-2025-70046 - Miazzy oa-front-service Untrusted Control Sphere Inclusion Vulnerability
CVE ID: CVE-2025-70046
Published: March 9, 2026, 4:16 p.m.
Description: An issue pertaining to CWE-829: Inclusion of Functionality from Untrusted Control Sphere was discovered in Miazzy oa-front-service master.
Severity: 0.0 | NA
CVE-2025-70047 - Nexusoft NexusInterface Resource Consumption Vulnerability
CVE ID: CVE-2025-70047
Published: March 9, 2026, 4:16 p.m.
Description: An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
Severity: 7.5 | HIGH
CVE-2025-70048 - Nexusoft NexusInterface Unencrypted Sensitive Data Transmission Vulnerability
CVE ID: CVE-2025-70048
Published: March 9, 2026, 4:16 p.m.
Description: An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2.
Severity: 0.0 | NA
CVE-2025-70050 - Lesspass Cleartext Storage of Sensitive Information Vulnerability
CVE ID: CVE-2025-70050
Published: March 9, 2026, 4:16 p.m.
Description: An issue pertaining to CWE-312: Cleartext Storage of Sensitive Information was discovered in lesspass lesspass v9.6.9 which allows attackers to obtain sensitive information.
Severity: 0.0 | NA
CVE-2025-70060 - YMFE Yapi Cross-Site Scripting (XSS)
CVE ID: CVE-2025-70060
Published: March 9, 2026, 4:16 p.m.
Description: An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in YMFE yapi v1.12.0.
Severity: 5.4 | MEDIUM
CVE-2026-25866 - MobaXterm < 26.1 Notepad++ Unquoted Service Path
CVE ID: CVE-2026-25866
Published: March 9, 2026, 4:16 p.m.
Description: MobaXterm versions prior to 26.1 contain an uncontrolled search path element vulnerability. The application calls WinExec to execute Notepad++ without a fully qualified executable path when opening remote files. An attacker can exploit the search path behavior by placing a malicious executable earlier in the search order, resulting in arbitrary code execution in the context of the affected user.
Severity: 7.8 | HIGH
CVE-2026-3588 - Server-Side Request Forgery (SSRF) in ikea dirigera
CVE ID: CVE-2026-3588
Published: March 9, 2026, 4:16 p.m.
Description: A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request.
Severity: 7.5 | HIGH
CVE-2025-15568 - Command Injection Vulnerability on TP-Link Archer AXE75
CVE ID: CVE-2025-15568
Published: March 9, 2026, 5:16 p.m.
Description: A command injection vulnerability was identified in the web module of Archer AXE75 v1.6/v1.0 router. An authenticated attacker with adjacent-network access may be able to perform remote code execution (RCE) when the router is configured with sysmode=ap. Successful exploitation results in root-level privileges and impacts confidentiality, integrity and availability of the device. This issue affects Archer AXE75 v1.6/v1.0: through 1.3.2 Build 20250107.
Severity: 8.5 | HIGH
CVE-2025-70037 - Linagora Twake URL Redirection to Untrusted Site Vulnerability
CVE ID: CVE-2025-70037
Published: March 9, 2026, 5:16 p.m.
Description: An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora Twake v2023.Q1.1223. This allows attackers to obtain sensitive information and execute arbitrary code.
Severity: 0.0 | NA
CVE-2025-70033 - SunbirdEd Stored Cross-Site Scripting (XSS)
CVE ID: CVE-2025-70033
Published: March 9, 2026, 6:16 p.m.
Description: An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in Sunbird-Ed SunbirdEd-portal v1.13.4.
Severity: 5.4 | MEDIUM
CVE-2025-70034 - MSCDEX SSH2 Regular Expression Complexity Vulnerability
CVE ID: CVE-2025-70034
Published: March 9, 2026, 6:16 p.m.
Description: An issue pertaining to CWE-1333: Inefficient Regular Expression Complexity (4.19) was discovered in mscdex ssh2 v1.17.0.
Severity: 0.0 | NA
CVE-2025-70038 - Linagora Twake Cross-Site Scripting (XSS)
CVE ID: CVE-2025-70038
Published: March 9, 2026, 6:16 p.m.
Description: An issue pertaining to CWE-79: Improper Neutralization of Input During Web Page Generation was discovered in linagora Twake v2023.Q1.1223. This allows attackers to execute arbitrary code.
Severity: 0.0 | NA