๐จ CVE-2025-12942
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
๐@cveNotify
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
๐@cveNotify
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, weโฆ
๐จ CVE-2025-12943
Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.
Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.
Fixed in:
RAX30 firmware
1.0.14.108 or later.
RAXE300 firmware
1.0.9.82 or later
๐@cveNotify
Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.
Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.
Fixed in:
RAX30 firmware
1.0.14.108 or later.
RAXE300 firmware
1.0.9.82 or later
๐@cveNotify
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, weโฆ
๐จ CVE-2025-12944
Improper input validation
in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with
direct network access to the device to potentially execute code on the device.
Please check the firmware version and update to the latest.
Fixed
in:
DGN2200v4
firmware 1.0.0.132 or later
๐@cveNotify
Improper input validation
in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with
direct network access to the device to potentially execute code on the device.
Please check the firmware version and update to the latest.
Fixed
in:
DGN2200v4
firmware 1.0.0.132 or later
๐@cveNotify
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, weโฆ
๐จ CVE-2025-60696
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code.
๐@cveNotify
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code.
๐@cveNotify
Linksys
Linksys | Networking & WiFi Technology
Experience fast, reliable, secure and easy to use WiFi when you level up with connectivity solutions made for home, business, and enterprise from Linksys.
๐จ CVE-2025-13305
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
GitHub
D-Link DWR-M960 B1 V1.01.07 - Buffer Overflow in /boafrm/formTracerouteDiagnosticRun ยท Issue #12 ยท LX-LX88/cve
NAME OF AFFECTED PRODUCT(S) D-link Router DWR-M960 B1 V1.01.07 - Buffer Overflow in /boafrm/formTracerouteDiagnosticRun Vulnerability Details Detail Information Vendor D-Link Product D-link DWR-M96...
๐จ CVE-2025-12760
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6.
๐@cveNotify
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6.
๐@cveNotify
Drupal.org
Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already haveโฆ
๐จ CVE-2017-1000218
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.
๐@cveNotify
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.
๐@cveNotify
GitHub
Security - buffer overflow ยท Issue #5 ยท hfiref0x/LightFTP
Hello, I've noticed a buffer overflow in the Unix version of LightFTP v1.1. This append in the "writelogentry" function. With this payload : python -c 'print "USER anonymous\...
๐จ CVE-2023-24042
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.
๐@cveNotify
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.
๐@cveNotify
GitHub
Race Condition for FTP commands for which a new handler thread is created while using FileName variable ยท Issue #25 ยท hfiref0x/LightFTP
Hi, There exists a race condition for commands which creates a new thread to handle while using context->FileName, examples such as RETR, MLSD. Steps to reproduce: login using a username such as...
๐จ CVE-2025-9809
Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
๐@cveNotify
Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
๐@cveNotify
GitHub
libretro-common/formats/cdfs/cdfs.c at master ยท libretro/libretro-common
Reusable coding blocks useful for libretro core and frontend development, written primarily in C. Permissively licensed. - libretro/libretro-common
๐จ CVE-2025-64746
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This stale reference creates a security gap: if another field is later created using the same name, it inherits the outdated permission entry. This behavior can unintentionally grant roles access to data they should not be able to read or modify. The issue is particularly risky in multi-tenant or production environments, where administrators may reuse field names, assuming old permissions have been fully cleared. Version 11.13.0 fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This stale reference creates a security gap: if another field is later created using the same name, it inherits the outdated permission entry. This behavior can unintentionally grant roles access to data they should not be able to read or modify. The issue is particularly risky in multi-tenant or production environments, where administrators may reuse field names, assuming old permissions have been fully cleared. Version 11.13.0 fixes the issue.
๐@cveNotify
GitHub
Merge from fork (#26110) ยท directus/directus@84d7636
* delete fields from permissions on delete
* fix type
* add changeset
* prettier
* fix oracle querying
* fix identifier quotation
---------
Co-authored-by: daedalus <44623501+Comforta...
* fix type
* add changeset
* prettier
* fix oracle querying
* fix identifier quotation
---------
Co-authored-by: daedalus <44623501+Comforta...
๐จ CVE-2025-64748
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Version 11.13.0 fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Version 11.13.0 fixes the issue.
๐@cveNotify
GitHub
Merge from fork (#26111) ยท directus/directus@7737d56
* do not search concealed fields
* add tests
* add changeset
* reduce filter calls
* Update search.ts
* simplify check
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@u...
* add tests
* add changeset
* reduce filter calls
* Update search.ts
* simplify check
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@u...
๐จ CVE-2025-64749
Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns different error messages for two cases: when a user tries to access an existing collection which they are not authorized to access, and when user tries to access a non-existing collection. The two differing error messages leak the existence of collections to users which are not authorized to access these collections. Version 11.13.0 fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns different error messages for two cases: when a user tries to access an existing collection which they are not authorized to access, and when user tries to access a non-existing collection. The two differing error messages leak the existence of collections to users which are not authorized to access these collections. Version 11.13.0 fixes the issue.
๐@cveNotify
GitHub
Merge from fork (#26109) ยท directus/directus@f99c9b8
* Use the same error for non-existent collections
* unifi error creation
* changeset
* prettier
* updated changeset
* unifi error creation
* changeset
* prettier
* updated changeset
๐จ CVE-2025-13181
A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
GitHub
CVE-md/h3blog/xss4.md at main ยท caigo8/CVE-md
่ฎฐๅฝๅข้็cveๆๆกฃ. Contribute to caigo8/CVE-md development by creating an account on GitHub.
๐จ CVE-2025-13182
A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
๐@cveNotify
A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
๐@cveNotify
GitHub
CVE-md/h3blog/xss3.md at main ยท caigo8/CVE-md
่ฎฐๅฝๅข้็cveๆๆกฃ. Contribute to caigo8/CVE-md development by creating an account on GitHub.
๐จ CVE-2025-36118
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
๐@cveNotify
IBM Storage Virtualize 8.4, 8.5, 8.7, and 9.1 IKEv1 implementation allows remote attackers to obtain sensitive information from device memory via a Security Association (SA) negotiation request.
๐@cveNotify
Ibm
Security Bulletin: Vulnerability in strongswan affects IBM SAN Volume Controller, IBM Spectrum Virtualize and IBM FlashSystem products
A vulnerability in the strongswan IKEv1 implementation affects IBM Storage Virtualize products and could cause a confidentiality impact. CVE-2025-36118.
๐จ CVE-2025-64762
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications deployed on Vercel are unaffected unless they manually enable CDN caching by setting cache headers on authenticated paths. Patched in authkit-nextjs 2.11.1, which applies anti-caching headers to all responses behind authentication.
๐@cveNotify
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications deployed on Vercel are unaffected unless they manually enable CDN caching by setting cache headers on authenticated paths. Patched in authkit-nextjs 2.11.1, which applies anti-caching headers to all responses behind authentication.
๐@cveNotify
GitHub
Merge commit from fork ยท workos/authkit-nextjs@94cf438
* fix: prevent caching authenticated pages
Without Vary: Cookie, CDNs can't tell User A and User B apart and might
serve cached authenticated content to the wrong person.
We now set prope...
Without Vary: Cookie, CDNs can't tell User A and User B apart and might
serve cached authenticated content to the wrong person.
We now set prope...
๐จ CVE-2025-64656
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.
๐@cveNotify
Out-of-bounds read in Application Gateway allows an unauthorized attacker to elevate privileges over a network.
๐@cveNotify
๐จ CVE-2025-64657
Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.
๐@cveNotify
Stack-based buffer overflow in Azure Application Gateway allows an unauthorized attacker to elevate privileges over a network.
๐@cveNotify
๐จ CVE-2025-14222
A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
๐@cveNotify
A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
๐@cveNotify
๐จ CVE-2025-14248
A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
๐@cveNotify
A vulnerability was identified in code-projects Simple Shopping Cart 1.0. Impacted is an unknown function of the file /adminlogin.php. The manipulation of the argument admin_username leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
๐@cveNotify
๐จ CVE-2025-14249
A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
๐@cveNotify
A security flaw has been discovered in code-projects Online Ordering System 1.0. The affected element is an unknown function of the file /user_school.php. The manipulation of the argument product_id results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
๐@cveNotify