π¨ CVE-2021-33162
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-00756
π¨ CVE-2025-15258
A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
A weakness has been identified in Edimax BR-6208AC 1.02/1.03. Affected by this issue is the function formALGSetup of the file /goform/formALGSetup of the component Web-based Configuration Interface. This manipulation of the argument wlan-url causes open redirect. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. Edimax confirms this issue: "The product mentioned, EDIMAX BR-6208AC V2, has reached its End of Life (EOL) status. It is no longer supported or maintained by Edimax, and it is no longer available for purchase in the market. Consequently, there will be no further firmware updates or patches for this device. We recommend users upgrade to newer models for better security." This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
tzh00203 on Notion
EDIMAX BR-6208AC V2_1.02 Open Redirect Vulnerability in Web βformALGSetupβ handler | Notion
Vulnerability Title: Open Redirect in formALGSetup Function in BR-6208AC_V2_1.03 Firmware
π¨ CVE-2021-33141
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network access.
π@cveNotify
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow an unauthenticated user to potentially enable denial of service via network access.
π@cveNotify
Intel
INTEL-SA-00756
π¨ CVE-2021-33142
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access.
π@cveNotify
Improper input validation in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable denial of service via local access.
π@cveNotify
Intel
INTEL-SA-00756
π¨ CVE-2021-33145
Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
π@cveNotify
Uncaught exception in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-00756
π¨ CVE-2025-13071
The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
π@cveNotify
The Custom Admin Menu WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
π@cveNotify
WPScan
Custom Admin Menu <= 1.0.0 - Reflected XSS
See details on Custom Admin Menu <= 1.0.0 - Reflected XSS CVE 2025-13071. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2025-10684
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary .
π@cveNotify
The Construction Light WordPress theme before 1.6.8 does not have authorisation and CSRF when activating via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary .
π@cveNotify
WPScan
Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation
See details on Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation CVE 2025-10684. View the latest Theme Vulnerabilities on WPScan.
π¨ CVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
π@cveNotify
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
π@cveNotify
GitHub
NULL Pointer Dereference in PDO quoting
**Product:** PHP
**Version:** 8.5.0-DEV (CLI)
**CWE-ID:** CWE-476: NULL Pointer Dereference
**CVSS vector v.4.0:** 8.2 (AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
**Description:** ...
**Version:** 8.5.0-DEV (CLI)
**CWE-ID:** CWE-476: NULL Pointer Dereference
**CVSS vector v.4.0:** 8.2 (AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N)
**Description:** ...
π¨ CVE-2019-25258
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
π@cveNotify
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
π@cveNotify
Exploit Database
LogicalDOC Enterprise 7.7.4 - Directory Traversal
LogicalDOC Enterprise 7.7.4 - Directory Traversal.. webapps exploit for Java platform
π¨ CVE-2025-65885
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory.
π@cveNotify
An issue was discovered in the Delight Custom Firmware (CFW) for Nokia Symbian Belle devices on Nokia 808 (Delight v1.8), Nokia N8 (Delight v6.7), Nokia E7 (Delight v1.3), Nokia C7 (Delight v6.7), Nokia 700 (Delight v1.2), Nokia 701 (Delight v1.1), Nokia 603 (Delight v1.0), Nokia 500 (Delight v1.2), Nokia E6 (Delight v1.0), Nokia Oro (Delight v1.0), and Vertu Constellation T (Delight v1.0) allowing local attackers to inject startup scripts via crafted .txt files in the :\Data directory.
π@cveNotify
Gist
"Delightmare" - Delight CFW (custom firmware) 0 day Logic Flaw vulnerability (CVE-2025-65885)
"Delightmare" - Delight CFW (custom firmware) 0 day Logic Flaw vulnerability (CVE-2025-65885) - Delightmare.md
π¨ CVE-2025-57403
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.
π@cveNotify
Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is processed, the application concatenates the requested URL (or a portion of it) directly with a base path using os.path.join. This bypass allows directory traversal or absolute path injection, leading to the potential exposure of sensitive information.
π@cveNotify
Gist
Cola Dnslog Arbitrary File Read Vulnerability
Cola Dnslog Arbitrary File Read Vulnerability. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-66738
An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.
π@cveNotify
An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute arbitrary code via a crafted request the ping function of the diagnostic component.
π@cveNotify
Yealink
Yealink | UC & C Terminal, Video Collaboration, Conference Phone, IP Phone, Headsets & Video Conferencing
Yealink (Stock Code: 300628) is a global brand that specializes in video conferencing, voice communications and collaboration solutions with best-in-class quality, innovative technology and user-friendly experience. As one of the best providers in more thanβ¦
π¨ CVE-2025-67014
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.
π@cveNotify
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.
π@cveNotify
DEV Systemtechnik
RF Transmission & Management Systems | DEV Systemtechnik
Products and systems to transmit RF and broadband signals via coaxial cable or optical fiber. DEV equipment is made for satcom, broadcast & cable areas.
π¨ CVE-2025-66737
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.
π@cveNotify
Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged attacker can read arbitrary files via a crafted request result read function of the diagnostic component.
π@cveNotify
Yealink
Yealink | UC & C Terminal, Video Collaboration, Conference Phone, IP Phone, Headsets & Video Conferencing
Yealink (Stock Code: 300628) is a global brand that specializes in video conferencing, voice communications and collaboration solutions with best-in-class quality, innovative technology and user-friendly experience. As one of the best providers in more thanβ¦
π¨ CVE-2025-54322
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.
π@cveNotify
Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.
π@cveNotify
PWN.AI
CVE-2025-54322 (ZERODAY) - Unauthenticated Root RCE affecting ~70,000+ Hosts
A critical zero-day vulnerability, CVE-2025-54322, has been discovered that enables Unauthenticated Root Remote Command Execution (RCE) in devices running Xspeeder's SXZOS firmware. These networking devices, primarily edge routers and SD-WAN appliances, areβ¦
π¨ CVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
π@cveNotify
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
π@cveNotify
GitHub
Heap buffer overflow in array_merge()
The following PHP code triggers a reliable heap buffer overflow:
```php
$arr = range(0, 2**29);
array_merge($arr, $arr, $arr, $arr, $arr, $arr, $arr, $arr);
```
Or the general case:
```php ...
```php
$arr = range(0, 2**29);
array_merge($arr, $arr, $arr, $arr, $arr, $arr, $arr, $arr);
```
Or the general case:
```php ...
π¨ CVE-2023-5971
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
The Save as PDF Plugin by Pdfcrowd WordPress plugin before 3.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
π@cveNotify
WPScan
Save as PDF < 3.2.0 - Admin+ Stored XSS
See details on Save as PDF < 3.2.0 - Admin+ Stored XSS CVE 2023-5971. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-3406
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack
π@cveNotify
WPScan
WP Prayer <= 2.0.9 - Email Settings Update via CSRF
See details on WP Prayer <= 2.0.9 - Email Settings Update via CSRF CVE 2024-3406. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-3643
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
π@cveNotify
The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack
π@cveNotify
WPScan
Newsletter Popup <= 1.2 - List Deletion via CSRF
See details on Newsletter Popup <= 1.2 - List Deletion via CSRF CVE 2024-3643. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-9828
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks
π@cveNotify
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks
π@cveNotify
WPScan
Taskbuilder < 3.0.5 - Admin+ SQL Injection
See details on Taskbuilder < 3.0.5 - Admin+ SQL Injection CVE 2024-9828. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-10710
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
π@cveNotify
WPScan
YaDisk Files <= 1.2.5 - Admin+ Stored XSS
See details on YaDisk Files <= 1.2.5 - Admin+ Stored XSS CVE 2024-10710. View the latest Plugin Vulnerabilities on WPScan.