π¨ CVE-2025-15229
A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
Tenda CH22 V1.0.0.1 Router Denial of Service in fromDhcpListClient function Β· Issue #7 Β· master-abc/cve
Overview Firmware download website: https://www.tenda.com.cn/material/show/1367 Affected Version VERSION(S) CH22 v1.0.0.1 Submitter USTC_BUG_Hunter Vulnerability details A Denial of Service (DoS) v...
π¨ CVE-2025-15230
A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
π@cveNotify
GitHub
CVEs/Tenda/setVlanPolicy.md at main Β· dwBruijn/CVEs
My most recent CVEs. Contribute to dwBruijn/CVEs development by creating an account on GitHub.
π¨ CVE-2025-15231
A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in Tenda M3 1.0.0.13(4903). This affects the function formSetRemoteVlanInfo of the file /goform/setVlanInfo. Executing manipulation of the argument ID/vlan/port can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
CVEs/Tenda/setRemoteVlanInfo.md at main Β· dwBruijn/CVEs
My most recent CVEs. Contribute to dwBruijn/CVEs development by creating an account on GitHub.
π¨ CVE-2023-36377
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.
π@cveNotify
Buffer Overflow vulnerability in mtrojnar osslsigncode v.2.3 and before allows a local attacker to execute arbitrary code via a crafted .exe, .sys, and .dll files.
π@cveNotify
GitHub
Comparing 2.2...2.3 Β· mtrojnar/osslsigncode
OpenSSL-based Authenticode signing for PE, CAB, CAT, MSI, APPX, and script file - Comparing 2.2...2.3 Β· mtrojnar/osslsigncode
π¨ CVE-2025-15232
A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
CVEs/Tenda/setAdPushInfo.md at main Β· dwBruijn/CVEs
My most recent CVEs. Contribute to dwBruijn/CVEs development by creating an account on GitHub.
π¨ CVE-2025-15233
A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in Tenda M3 1.0.0.13(4903). This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemUID results in heap-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
π@cveNotify
GitHub
CVEs/Tenda/setAdInfoDetail.md at main Β· dwBruijn/CVEs
My most recent CVEs. Contribute to dwBruijn/CVEs development by creating an account on GitHub.
π¨ CVE-2025-15355
ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
π@cveNotify
ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
π@cveNotify
π¨ CVE-2025-15103
DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
π@cveNotify
DVP-12SE11T - Authentication Bypass via Partial Password Disclosure
π@cveNotify
π¨ CVE-2025-15234
A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in Tenda M3 1.0.0.13(4903). Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
CVEs/Tenda/setRemoteInternetLanInfo.md at main Β· dwBruijn/CVEs
My most recent CVEs. Contribute to dwBruijn/CVEs development by creating an account on GitHub.
π¨ CVE-2025-15241
A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.5.2 is sufficient to fix this issue. Upgrading the affected component is recommended.
π@cveNotify
A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.5.2 is sufficient to fix this issue. Upgrading the affected component is recommended.
π@cveNotify
GitHub
GitHub - Stolichnayer/cloudpanel-open-redirect: CloudPanel CE β€ v2.5.1 contains an Open Redirect vulnerability in the /admin/usersβ¦
CloudPanel CE β€ v2.5.1 contains an Open Redirect vulnerability in the /admin/users endpoint due to improper validation of the Referer header. - Stolichnayer/cloudpanel-open-redirect
π¨ CVE-2025-15242
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit is now public and may be used.
π@cveNotify
A vulnerability was detected in PHPEMS up to 11.0. The impacted element is an unknown function of the component Coupon Handler. Performing manipulation results in race condition. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is regarded as difficult. The exploit is now public and may be used.
π@cveNotify
Byebyedoggy
1229 PHPEMS Coupon Recharge Race Condition Poc
Vulnerability Information\rItem Details Vulnerability Name PHPEMS Coupon Recharge Race Condition Vulnerability Affected Versions PHPEMS 11.0 and earlier Type Logic Flaw Severity Medium Reproduction Environment\rTest Site: Local deployment Source Code Setup:β¦
π¨ CVE-2025-15243
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
π¨ CVE-2025-15244
A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in PHPEMS up to 11.0. This impacts an unknown function of the component Purchase Request Handler. The manipulation leads to race condition. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used.
π@cveNotify
Byebyedoggy
1229 PHPEMS Points Race Condition POC
Vulnerability Information\rItem Details Vulnerability Name PHPEMS Points Concurrent Usage Race Condition Vulnerability Affected Versions PHPEMS 11.0 and earlier Type Logic Flaw Severity Medium Reproduction Environment\rTest Site: Local deployment Source Codeβ¦
π¨ CVE-2025-15245
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
tzh00203 on Notion
D-Link DCS850L v1.02.09 Path Traversal Vulnerability in Firmware Update | Notion
Vulnerability Title: Path Traversal and Command Injection Vulnerabilities in Firmware Upload Service of D-Link DCS-850L v1.02.09
π₯1
π¨ CVE-2022-50784
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone
If cloning the SKB fails, don't try to use it, but rather return
as if we should pass it.
Coverity CID: 1503456
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone
If cloning the SKB fails, don't try to use it, but rather return
as if we should pass it.
Coverity CID: 1503456
π@cveNotify
π¨ CVE-2022-50785
In the Linux kernel, the following vulnerability has been resolved:
fsi: occ: Prevent use after free
Use get_device and put_device in the open and close functions to
make sure the device doesn't get freed while a file descriptor is
open.
Also, lock around the freeing of the device buffer and check the
buffer before using it in the submit function.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
fsi: occ: Prevent use after free
Use get_device and put_device in the open and close functions to
make sure the device doesn't get freed while a file descriptor is
open.
Also, lock around the freeing of the device buffer and check the
buffer before using it in the submit function.
π@cveNotify
π¨ CVE-2022-50786
In the Linux kernel, the following vulnerability has been resolved:
media: s5p-mfc: Clear workbit to handle error condition
During error on CLOSE_INSTANCE command, ctx_work_bits was not getting
cleared. During consequent mfc execution NULL pointer dereferencing of
this context led to kernel panic. This patch fixes this issue by making
sure to clear ctx_work_bits always.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
media: s5p-mfc: Clear workbit to handle error condition
During error on CLOSE_INSTANCE command, ctx_work_bits was not getting
cleared. During consequent mfc execution NULL pointer dereferencing of
this context led to kernel panic. This patch fixes this issue by making
sure to clear ctx_work_bits always.
π@cveNotify
π¨ CVE-2023-54162
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix possible memory leak in smb2_lock()
argv needs to be free when setup_async_work fails or when the current
process is woken up.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix possible memory leak in smb2_lock()
argv needs to be free when setup_async_work fails or when the current
process is woken up.
π@cveNotify