Security Vulnerabilities - CVEs Published In October 2025
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLogDnsquery.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-24
D-Link DIR600LAx FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetQoS.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-24
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvNetwork.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-24
Emoncms 11.7.3 is vulnerable to Cross Site in the input handling mechanism. This vulnerability allows authenticated attackers with API access to inject malicious JavaScript code that executes when administrators view the application logs.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-10-24
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baud_rate, core, and autoreset within the /admin/upload-custom-firmware endpoint.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-10-24
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formAdvFirewall.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-10-24
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetRoute.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-24
Dell Storage Center - Dell Storage Manager, version(s) DSM 20.1.21, contain(s) a Missing Authentication for Critical Function vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVSS Score
8.6
EPSS Score
0.001
Published
2025-10-24
Dell Storage Center - Dell Storage Manager, version(s) 20.1.21, contain(s) an Improper Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. Authentication Bypass in DSM Data Collector. An unauthenticated remote attacker can access APIs exposed by ApiProxy.war in DataCollectorEar.ear by using a special SessionKey and UserId. These userid are special users created in compellentservicesapi for special purposes.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-24
Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Restriction of XML External Entity Reference vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Unauthorized access.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-10-24