π¨ CVE-2025-57218
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
π@cveNotify
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
π@cveNotify
plaid-knot-11b on Notion
Stack Buffer Overflow in /goform/WifiBasicSet via security_5g parameter. Remote attacker can execute arbitrary code with root privilegesβ¦
Vulnerability Description
π¨ CVE-2025-57215
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
π@cveNotify
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
π@cveNotify
plaid-knot-11b on Notion
Heap-based Buffer Overflow in function get_parentControl_list_Info via deviceId parameter. Remote attacker can execute arbitraryβ¦
Vulnerability Description
π¨ CVE-2025-57220
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
π@cveNotify
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
π@cveNotify
plaid-knot-11b on Notion
Unauthenticated Remote Root Shell via Input Validation Flaw in βateβ Service on Tenda AC10V4.0 V16.03.10.09 | Notion
Vulnerability Description
π¨ CVE-2025-9585
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
.github.io/COMFAST/N1V2/wifilith_delete_pic_file/readme.md at main Β· ZZ2266/.github.io
Contribute to ZZ2266/.github.io development by creating an account on GitHub.
π¨ CVE-2025-6203
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vaultβs auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
π@cveNotify
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vaultβs auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
π@cveNotify
HashiCorp Discuss
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads
Bulletin ID: HCSEC-2025-24 Affected Products / Versions: Vault Community Edition from 1.15.0 up to 1.20.4, fixed in 1.21.0. Vault Enterprise from 1.15.0 up to 1.20.4, 1.19.10, 1.18.15, and 1.16.26, fixed in 1.21.0, 1.20.5, 1.19.11, and 1.16.27 Publicationβ¦
π¨ CVE-2025-58058
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.
π@cveNotify
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA header doesn't include a magic number or has a checksum to detect such an issue according to the specification. Note that the code recognizes the issue later while reading the stream, but at this time the memory allocation has already been done. This issue has been patched in version 0.5.14.
π@cveNotify
GitHub
Address Security Issue GHSA-jc7w-c686-c4v9 Β· ulikunitz/xz@88ddf1d
This commit addresses security issue GHSA-jc7w-c686-c4v9.
The mitigating measures are described for the Reader type and I added a
TestZeroPrefixIssue function to test the mitigations.
// # Securi...
The mitigating measures are described for the Reader type and I added a
TestZeroPrefixIssue function to test the mitigations.
// # Securi...
π¨ CVE-2025-58061
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The rawfile-localpv storage class creates persistent volume data under /var/csi/rawfile/ on Kubernetes hosts by default. However, the directory and data in it are world-readable. It allows non-privileged users to access the whole persistent volume data, and those can include sensitive information such as a whole database if the Kubernetes tenants are running MySQL or PostgreSQL in a container so it could lead to a database breach. This issue has been patched in version 0.10.0.
π@cveNotify
OpenEBS Local PV RawFile allows dynamic deployment of Stateful Persistent Node-Local Volumes & Filesystems for Kubernetes. Prior to version 0.10.0, persistent volume data is world readable and that would allow non-privileged users to access sensitive data such as databases of k8s workload. The rawfile-localpv storage class creates persistent volume data under /var/csi/rawfile/ on Kubernetes hosts by default. However, the directory and data in it are world-readable. It allows non-privileged users to access the whole persistent volume data, and those can include sensitive information such as a whole database if the Kubernetes tenants are running MySQL or PostgreSQL in a container so it could lead to a database breach. This issue has been patched in version 0.10.0.
π@cveNotify
GitHub
Persistent volume data are world readable and that would allow non-privileged users to access sensitive data such as databasesβ¦
### Summary
Downstream advisory: https://github.com/canonical/k8s-snap/security/advisories/GHSA-5547-57qq-wmgw (private)
The rawfile-localpv (https://github.com/openebs/rawfile-localpv) stora...
Downstream advisory: https://github.com/canonical/k8s-snap/security/advisories/GHSA-5547-57qq-wmgw (private)
The rawfile-localpv (https://github.com/openebs/rawfile-localpv) stora...
π¨ CVE-2025-9589
A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was determined in Cudy WR1200EA 2.3.7-20250113-121810. Affected is an unknown function of the file /etc/shadow. Executing manipulation can lead to use of default password. The attack needs to be launched locally. A high complexity level is associated with this attack. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
.github.io/Cudy at main Β· ZZ2266/.github.io
Contribute to ZZ2266/.github.io development by creating an account on GitHub.
π¨ CVE-2025-9590
A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was identified in Weaver E-Mobile Mobile Management Platform up to 20250813. Affected by this vulnerability is an unknown functionality. The manipulation of the argument gohome leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
pocccc/poc.md at main Β· Lee0568/pocccc
Contribute to Lee0568/pocccc development by creating an account on GitHub.
π¨ CVE-2025-9591
A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security vulnerability has been detected in ZrLog up to 3.1.5. This vulnerability affects unknown code of the file /api/admin/template/config of the component Theme Configuration Form. Such manipulation of the argument footerLink leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
GitHub zrlog-3.1.6 TemplateConfig/onFinish XSS Β· Issue #3 Β· SaaS5SaaS/CVE
BUG Author: SaaS5SaaS Affected Version: zrlog-3.1.6 Vendor: https://github.com/94fzb/zrlog Software: https://github.com/94fzb/zrlog/archive/refs/tags/v3.1.6.zip Vulnerability Path/Feature: Vulnerab...
π¨ CVE-2025-9592
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in itsourcecode Apartment Management System 1.0. This issue affects some unknown processing of the file /report/bill_info.php. Performing manipulation of the argument vid results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
π@cveNotify
GitHub
itsourcecode Apartment Management System Project V1.0 /report/bill_info.php SQL injection Β· Issue #3 Β· pjy2004/cve
itsourcecode Apartment Management System Project V1.0 /report/bill_info.php SQL injection NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com/free-proje...
β€1
β€1
β€1
β€1
β€1
β€1
π¨ CVE-2025-48979
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
π@cveNotify
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
π@cveNotify
π¨ CVE-2025-9595
A vulnerability was found in code-projects Student Information Management System 1.0. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. The attack may be performed from a remote location. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in code-projects Student Information Management System 1.0. The impacted element is an unknown function of the file /login.php. The manipulation of the argument uname results in cross site scripting. The attack may be performed from a remote location. The exploit has been made public and could be used.
π@cveNotify
π¨ CVE-2025-9596
A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in itsourcecode Sports Management System 1.0. This affects an unknown function of the file /login.php. This manipulation of the argument User causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
itsourcecode Sports Management System Project V1.0 /login.php SQL injection Β· Issue #55 Β· zzb1388/cve
itsourcecode Sports Management System Project V1.0 /login.php SQL injection NAME OF AFFECTED PRODUCT(S) Sports Management System Vendor Homepage https://itsourcecode.com/free-projects/php-project/s...
π¨ CVE-2025-9597
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
itsourcecode Apartment Management System Project V1.0 /o_dashboard/rented_all_info.php SQL injection Β· Issue #54 Β· zzb1388/cve
itsourcecode Apartment Management System Project V1.0 /o_dashboard/rented_all_info.php SQL injection NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com...