๐จ CVE-2025-63147
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
Tenda AX3 V16.03.12.10_CN was discovered to contain a stack overflow in the deviceId parameter of the saveParentControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
GitHub
VulnbyCola/Tenda/AX-3/5/1.md at main ยท 0-fool/VulnbyCola
Contribute to 0-fool/VulnbyCola development by creating an account on GitHub.
๐จ CVE-2025-63456
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the time parameter in the SetSysTimeCfg function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
GitHub
VulnbyCola/Tenda/AX-1803/3/1.md at main ยท 0-fool/VulnbyCola
Contribute to 0-fool/VulnbyCola development by creating an account on GitHub.
๐จ CVE-2025-63457
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the sub_4F55C function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
๐@cveNotify
GitHub
VulnbyCola/Tenda/AX-1803/1/1.md at main ยท 0-fool/VulnbyCola
Contribute to 0-fool/VulnbyCola development by creating an account on GitHub.
๐จ CVE-2025-63834
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the ssid parameter of the wireless settings. Remote attackers can inject malicious payloads that execute when any user visits the router's homepage.
๐@cveNotify
GitHub
cve_report/cve_report/tenda/tendaAC18/wifiset_ssid_xss/README.md at main ยท babraink/cve_report
ไธๆฅcveๆผๆดไปๅบ. Contribute to babraink/cve_report development by creating an account on GitHub.
๐จ CVE-2025-63835
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution.
๐@cveNotify
A stack-based buffer overflow vulnerability was discovered in Tenda AC18 v15.03.05.05_multi. The vulnerability exists in the guestSsid parameter of the /goform/WifiGuestSet interface. Remote attackers can exploit this vulnerability by sending oversized data to the guestSsid parameter, leading to denial of service (device crash) or potential remote code execution.
๐@cveNotify
GitHub
cve_report/cve_report/tenda/tendaAC18/2_wifiguest_guestssid_overflow/README.md at main ยท babraink/cve_report
ไธๆฅcveๆผๆดไปๅบ. Contribute to babraink/cve_report development by creating an account on GitHub.
๐จ CVE-2016-15056
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.
๐@cveNotify
Ubee EVW3226 cable modem/routers firmware versions up to and including 1.0.20 store configuration backup files in the web root after they are generated for download. These backup files remain accessible without authentication until the next reboot. A remote attacker on the local network can request 'Configuration_file.cfg' directly to obtain the backup archive. Because backup files are not encrypted, they expose sensitive information including the plaintext admin password, allowing full compromise of the device.
๐@cveNotify
seclists.org
Full Disclosure: [SEARCH-LAB advisory] Ubee EVW3226 modem/router multiple vulnerabilities
๐จ CVE-2021-4465
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.
๐@cveNotify
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker through a single crafted HTTP GET request, allowing remote interruption of service availability.
๐@cveNotify
Request
[AWS] ReQuest Serious Play: Premium Multi-room Music and Movie Solutions
ReQuest: premium whole-house music and video entertainment systems for the home, office or yacht. Built-in integration with iTunes, multi-location sync, and anywhere streaming.
๐จ CVE-2025-2395
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.
๐@cveNotify
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.
๐@cveNotify
๐จ CVE-2025-2396
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
๐@cveNotify
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
๐@cveNotify
๐จ CVE-2025-30225
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of malformed transformations. When making many malformed transformation requests at once, at some point, all assets are served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of malformed transformations. When making many malformed transformation requests at once, at some point, all assets are served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
GitHub
S3 assets become unavailable after a burst of malformed transformations
### Summary
When making many malformed transformation requests at once, at some point, all assets are being served as 403.
### Details
When I was investigating this issue, I have found that af...
When making many malformed transformation requests at once, at some point, all assets are being served as 403.
### Details
When I was investigating this issue, I have found that af...
๐จ CVE-2025-30350
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of HEAD requests. Some tools use Directus to sync content and assets, and some of those tools use the HEAD method to check the existence of files. When making many HEAD requests at once, at some point, all assets are eventually served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting in version 9.22.0 and prior to version 12.0.1, corresponding to Directus starting in version 9.22.0 and prior to 11.5.0, is vulnerable to asset unavailability after a burst of HEAD requests. Some tools use Directus to sync content and assets, and some of those tools use the HEAD method to check the existence of files. When making many HEAD requests at once, at some point, all assets are eventually served as 403. This causes denial of assets for all policies of Directus, including Admin and Public. Version 12.0.1 of the `@directus/storage-driver-s3` package, corresponding to version 11.5.0 of Directus, fixes the issue.
๐@cveNotify
GitHub
S3 assets become unavailable after a burst of HEAD requests
### Summary
There's some tools that use Directus to sync content and assets.
Some of those tools use HEAD method, like Shopify, to check the existence of files.
Although, when making many HE...
There's some tools that use Directus to sync content and assets.
Some of those tools use HEAD method, like Shopify, to check the existence of files.
Although, when making many HE...
๐จ CVE-2025-56413
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.
๐@cveNotify
OS Command injection vulnerability in function OperateSSH in 1panel 2.0.8 allowing attackers to execute arbitrary commands via the operation parameter to the /api/v2/hosts/ssh/operate endpoint.
๐@cveNotify
GitHub
[CVE-2025-56413]1Panel v2.0.8 OS Command injection ยท Issue #5 ยท August829/CVEP
Yu Bao
๐จ CVE-2024-3566
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
๐@cveNotify
A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied.
๐@cveNotify
GMO Flatt Security Research
BatBadBut: You can't securely execute commands on Windows
Introduction
Hello, Iโm RyotaK ( @ryotkak
), a security engineer at Flatt Security Inc.
Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditionsโฆ
Hello, Iโm RyotaK ( @ryotkak
), a security engineer at Flatt Security Inc.
Recently, I reported multiple vulnerabilities to several programming languages that allowed an attacker to perform command injection on Windows when the specific conditionsโฆ
๐จ CVE-2022-50112
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
rpmsg: qcom_smd: Fix refcount leak in qcom_smd_parse_edge
of_parse_phandle() returns a node pointer with refcount
incremented, we should use of_node_put() on it when done.
๐@cveNotify
๐จ CVE-2022-50113
In the Linux kernel, the following vulnerability has been resolved:
ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()
We should call of_node_put() for the reference before its replacement
as it returned by of_get_parent() which has increased the refcount.
Besides, we should also call of_node_put() before return.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ASoc: audio-graph-card2: Fix refcount leak bug in __graph_get_type()
We should call of_node_put() for the reference before its replacement
as it returned by of_get_parent() which has increased the refcount.
Besides, we should also call of_node_put() before return.
๐@cveNotify
๐จ CVE-2022-50114
In the Linux kernel, the following vulnerability has been resolved:
net: 9p: fix refcount leak in p9_read_work() error handling
p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid
temporary refcount leak.
[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
net: 9p: fix refcount leak in p9_read_work() error handling
p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid
temporary refcount leak.
[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]
๐@cveNotify
๐จ CVE-2022-50115
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes
We have sanity checks for byte controls and if any of the fail the locally
allocated scontrol->ipc_control_data is freed up, but not set to NULL.
On a rollback path of the error the higher level code will also try to free
the scontrol->ipc_control_data which will eventually going to lead to
memory corruption as double freeing memory is not a good thing.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ASoC: SOF: ipc3-topology: Prevent double freeing of ipc_control_data via load_bytes
We have sanity checks for byte controls and if any of the fail the locally
allocated scontrol->ipc_control_data is freed up, but not set to NULL.
On a rollback path of the error the higher level code will also try to free
the scontrol->ipc_control_data which will eventually going to lead to
memory corruption as double freeing memory is not a good thing.
๐@cveNotify
๐จ CVE-2025-36185
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
๐@cveNotify
IBM Db2 12.1.0 through 12.1.2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.
๐@cveNotify
Ibm
Security Bulletin: IBMยฎ Db2ยฎ is vulnerable to a denial of service due to improper neutralization of special elements in dataโฆ
IBMยฎ Db2ยฎ is vulnerable to a denial of service due to improper neutralization of special elements in data query logic.
โค1
๐จ CVE-2025-36186
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
๐@cveNotify
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
๐@cveNotify
Ibm
Security Bulletin: IBMยฎ Db2ยฎ is vulnerable to privilege escalation under specific configurations (CVE-2025-36186)
IBMยฎ Db2ยฎ under specific configurations could allow a local user to execute malicious code that escalate their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.
๐จ CVE-2025-27368
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.
๐@cveNotify
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. An authenticated user is able to obtain certain information about system metadata for areas beyond what the user is intended to view.
๐@cveNotify
Ibm
Security Bulletin: IBM OpenPages Vulnerable to Information Disclosure (CVE-2025-27368)
Application API vulnerability that exposes metadata for configurable fields due to insufficient access control checks in IBM OpenPages has been addressed.
๐จ CVE-2025-36223
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
๐@cveNotify
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking.
๐@cveNotify
Ibm
Security Bulletin: IBM OpenPages mitigates Host header injection vulnerability (CVE-2025-36223)
A vulnerability in IBM OpenPages could allow an attacker to manipulate the Host header in a request, potentially influencing the response data. In certain redirection scenarios, user navigation could be influenced in unintended ways, potentially leading toโฆ