Security Vulnerabilities
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-07-18
Permissive list of allowed inputs in Microsoft Purview allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.7
EPSS Score
0.001
Published
2025-07-18
Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-07-18
Missing authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVSS Score
9.9
EPSS Score
0.001
Published
2025-07-18
Weak authentication in Azure Machine Learning allows an authorized attacker to elevate privileges over a network.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-07-18
Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network.
CVSS Score
9.0
EPSS Score
0.001
Published
2025-07-18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in versions prior to 3.4.6 in the `personalizacao_imagem.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `err` parameter. Version 3.4.6 fixes the issue.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-07-18
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the endpoint `/html/atendido/Profile_Atendido.php`, in the `idatendido` parameter. This vulnerability allow an authorized attacker to execute arbitrary SQL queries, allowing access to sensitive information. Version 3.4.6 fixes the issue.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-07-18
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been classified as critical. This affects an unknown part of the file /menu_nat.asp of the component HTTP Request Handler. The manipulation of the argument out_addr/in_addr/out_port/proto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-07-18
A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-07-18