Security Vulnerabilities
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-22
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-22
An issue was discovered in Shopizer 3.2.7. The server's CORS implementation reflects the client-supplied Origin header verbatim into Access-Control-Allow-Origin without any whitelist validation, while also enabling Access-Control-Allow-Credentials: true. This allows any malicious origin to make authenticated cross-origin requests and read sensitive responses.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-08-22
An issue was discovered in the changePassword method in file /usr/share/php/openmediavault/system/user.inc in OpenMediaVault 7.4.17 allowing local authenticated attackers to escalate privileges to root.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-22
IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-22
IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-08-22
QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-22
EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-08-21
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-08-21
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2025-08-21