Security Vulnerabilities
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-30
Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-30
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-12-30
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-12-30
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-12-30
A vulnerability was found in Tenda W6-S 1.0.0.4(510). This affects the function TendaAte of the file /goform/ate of the component ATE Service. Performing manipulation results in os command injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVSS Score
6.3
EPSS Score
0.008
Published
2025-12-30
A vulnerability was determined in Tenda W6-S 1.0.0.4(510). This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-12-30
A vulnerability has been found in Tenda M3 1.0.0.13(4903). The impacted element is an unknown function of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-30
A flaw has been found in Tenda M3 1.0.0.13(4903). The affected element is the function formSetRemoteDhcpForAp of the file /goform/setDhcpAP. This manipulation of the argument startip/endip/leasetime/gateway/dns1/dns2 causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been published and may be used.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-30
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
3.5
EPSS Score
0.001
Published
2025-12-30