๐จ CVE-2025-24990
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
๐@cveNotify
Microsoft is aware of vulnerabilities in the third party Agere Modem driver that ships natively with supported Windows operating systems. This is an announcement of the upcoming removal of ltmdm64.sys driver. The driver has been removed in the October cumulative update.
Fax modem hardware dependent on this specific driver will no longer work on Windows.
Microsoft recommends removing any existing dependencies on this hardware.
๐@cveNotify
๐จ CVE-2025-63709
A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.
๐@cveNotify
A Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of any user who views the task, allowing execution of arbitrary script in the context of the victim's browser.
๐@cveNotify
GitHub
CVE-Research-2025/CVE-2025-63709 at main ยท floccocam-cpu/CVE-Research-2025
Contribute to floccocam-cpu/CVE-Research-2025 development by creating an account on GitHub.
๐จ CVE-2025-63712
Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.
๐@cveNotify
Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.
๐@cveNotify
GitHub
CVE-Research-2025/CVE-2025-63712/README4.md at main ยท floccocam-cpu/CVE-Research-2025
Contribute to floccocam-cpu/CVE-Research-2025 development by creating an account on GitHub.
๐จ CVE-2025-63147
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
GitHub
VulnbyCola/Tenda/AX-3/5/1.md at main ยท 0-fool/VulnbyCola
Contribute to 0-fool/VulnbyCola development by creating an account on GitHub.
๐จ CVE-2025-63456
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
GitHub
VulnbyCola/Tenda/AX-1803/3/1.md at main ยท 0-fool/VulnbyCola
Contribute to 0-fool/VulnbyCola development by creating an account on GitHub.
๐จ CVE-2025-63457
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
GitHub
VulnbyCola/Tenda/AX-1803/1/1.md at main ยท 0-fool/VulnbyCola
Contribute to 0-fool/VulnbyCola development by creating an account on GitHub.
๐จ CVE-2025-63834
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.
๐@cveNotify
GitHub
cve_report/cve_report/tenda/tendaAC18/wifiset_ssid_xss/README.md at main ยท babraink/cve_report
ไธๆฅcveๆผๆดไปๅบ. Contribute to babraink/cve_report development by creating an account on GitHub.
๐จ CVE-2025-63835
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution.
๐@cveNotify
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution.
๐@cveNotify
GitHub
cve_report/cve_report/tenda/tendaAC18/2_wifiguest_guestssid_overflow/README.md at main ยท babraink/cve_report
ไธๆฅcveๆผๆดไปๅบ. Contribute to babraink/cve_report development by creating an account on GitHub.
๐จ CVE-2016-15056
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.
๐@cveNotify
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.
๐@cveNotify
seclists.org
Full Disclosure: [SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities
๐จ CVE-2021-4465
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.
๐@cveNotify
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.
๐@cveNotify
Request
[AWS] ReQuest Serious Play: Premium Multi-room Music and Movie Solutions
ReQuest: premium whole-house music and video entertainment systems for the home, office or yacht. Built-in integration with iTunes, multi-location sync, and anywhere streaming.
๐จ CVE-2025-2395
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.
๐@cveNotify
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.
๐@cveNotify
๐จ CVE-2025-2396
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
๐@cveNotify
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
๐@cveNotify
๐จ CVE-2025-30225
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of malformed transformations. When making many malformed transformation requests at once, at some point, all assets are served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of malformed transformations. When making many malformed transformation requests at once, at some point, all assets are served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
GitHub
S3 assets become unavailable after a burst of malformed transformations
### Summary
When making many malformed transformation requests at once, at some point, all assets are being served as 403.
### Details
When I was investigating this issue, I have found that af...
When making many malformed transformation requests at once, at some point, all assets are being served as 403.
### Details
When I was investigating this issue, I have found that af...
๐จ CVE-2025-30350
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of HEAD requests. Some tools use Directus to sync content and assets, and some of those tools use the HEAD method to check the existence of files. When making many HEAD requests at once, at some point, all assets are eventually served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of HEAD requests. Some tools use Directus to sync content and assets, and some of those tools use the HEAD method to check the existence of files. When making many HEAD requests at once, at some point, all assets are eventually served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
GitHub
S3 assets become unavailable after a burst of HEAD requests
### Summary
There's some tools that use Directus to sync content and assets.
Some of those tools use HEAD method, like Shopify, to check the existence of files.
Although, when making many HE...
There's some tools that use Directus to sync content and assets.
Some of those tools use HEAD method, like Shopify, to check the existence of files.
Although, when making many HE...
๐จ CVE-2025-56413
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.
๐@cveNotify
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.
๐@cveNotify
GitHub
[CVE-2025-56413]1Panel v2.0.8 OS Command injection ยท Issue #5 ยท August829/CVEP
Yu Bao
๐จ CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
๐@cveNotify
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
๐@cveNotify
GMO Flatt Security Research
BatBadBut: You can't securely execute commands on Windows
Introduction
Hello, Iโm RyotaK ( @ryotkak
), a security engineer at Flatt Security Inc.
Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditionsโฆ
Hello, Iโm RyotaK ( @ryotkak
), a security engineer at Flatt Security Inc.
Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditionsโฆ
๐จ CVE-2022-50112
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
๐@cveNotify
๐จ CVE-2022-50113
In the Linux kernel, the following vulnerability has been resolved:
ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()
We should call of_node_put() for the reference before its replacement
as it returned by of_get_parent() which has increased the refcount.
Besides, we should also call of_node_put() before return.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()
We should call of_node_put() for the reference before its replacement
as it returned by of_get_parent() which has increased the refcount.
Besides, we should also call of_node_put() before return.
๐@cveNotify
๐จ CVE-2022-50114
In the Linux kernel, the following vulnerability has been resolved:
net: 9p: fix refcount leak in p9_read_work() error handling
p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid
temporary refcount leak.
[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
net: 9p: fix refcount leak in p9_read_work() error handling
p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid
temporary refcount leak.
[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]
๐@cveNotify
๐จ CVE-2022-50115
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes
We have sanity checks for byte controls and if any of the fail the locally
allocated scontrol->ipc_control_data is freed up, but not set to NULL.
On a rollback path of the error the higher level code will also try to free
the scontrol->ipc_control_data which will eventually going to lead to
memory corruption as double freeing memory is not a good thing.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes
We have sanity checks for byte controls and if any of the fail the locally
allocated scontrol->ipc_control_data is freed up, but not set to NULL.
On a rollback path of the error the higher level code will also try to free
the scontrol->ipc_control_data which will eventually going to lead to
memory corruption as double freeing memory is not a good thing.
๐@cveNotify
๐จ CVE-2025-36185
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
๐@cveNotify
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
๐@cveNotify
Ibm
Security Bulletin: IBMยฎ Db2ยฎ is vulnerable to a denial of service due to improper neutralization of special elements in dataโฆ
IBMยฎ Db2ยฎ is vulnerable to a denial of service due to improper neutralization of special elements in data query logic.
โค1