A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical stack-based buffer overflow vulnerability in Tenda AC8 router firmware version 16.03.34.09, affecting the wireless repeat configuration function. An authenticated remote attacker can exploit this vulnerability via the wpapsk_crypto parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public proof-of-concept code exists and exploitation is feasible, making this an actively exploitable threat requiring immediate patching.
Critical stack-based buffer overflow vulnerability in Tenda AC8 router firmware version 16.03.34.09, exploitable via the timeType parameter in the /goform/SetSysTimeCfg endpoint. An authenticated remote attacker can leverage this vulnerability to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit disclosure and confirmed proof-of-concept availability indicate active threat potential, though exploitation requires valid authentication credentials.
Critical buffer overflow vulnerability in Tenda AC5 router firmware (version 1.0/15.03.06.47) affecting the LAN IP configuration function. An authenticated attacker can remotely exploit improper input validation on the 'lanMask' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
A critical buffer overflow vulnerability exists in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 in the HTTP POST request handler for the /boafrm/formPortFw endpoint. An authenticated attacker can exploit this by manipulating the 'service_type' parameter to achieve remote code execution with high impact to confidentiality, integrity, and availability (CVSS 8.8). Public exploits are available, making this an active threat.
The Short URL WordPress plugin through version 1.6.8 contains a SQL injection vulnerability (CWE-89) in an unsanitized parameter used directly in SQL statements. This vulnerability is exploitable by low-privileged users (subscribers), allowing attackers to extract sensitive database information, modify data, or potentially execute arbitrary code. With a CVSS score of 8.8 and network-accessible attack vector requiring only low privilege level, this represents a critical risk to WordPress installations using vulnerable plugin versions.
Kafbat UI version 1.0.0 contains an unsafe deserialization vulnerability (CWE-502) that allows unauthenticated remote attackers to execute arbitrary code on affected servers with no user interaction required. This is a critical pre-authentication RCE affecting Kafka cluster management infrastructure. The vulnerability has a CVSS score of 8.9 with high impact across confidentiality, integrity, and availability; patch is available in version 1.1.0.
Directory traversal vulnerability in Allegra's extractFileFromZip method that allows authenticated attackers to execute arbitrary code on affected systems. The vulnerability stems from insufficient path validation, enabling remote code execution in the context of the running process. With a CVSS score of 8.8 and requiring only low-privilege authentication, this represents a significant risk to Allegra deployments, though exploitation requires prior authenticated access.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler for the /boafrm/formIpQoS endpoint. An authenticated remote attacker can exploit improper input validation on the 'mac' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability (CIA triad). Public exploit disclosure and proof-of-concept availability significantly elevate real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK X15 router firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler at endpoint /boafrm/formReflashClientTbl. An authenticated remote attacker can exploit improper argument validation in the 'submit-url' parameter to achieve complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code exists and the vulnerability meets CISA KEV criteria for active exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler at endpoint /boafrm/formWsc. An authenticated remote attacker can exploit this via a malicious 'submit-url' parameter to achieve remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available, creating immediate risk for affected deployments.
Critical buffer overflow vulnerability in TOTOLINK X15 1.0.0-B20230714.1105 affecting the DMZ configuration HTTP POST handler. An authenticated attacker can exploit a malformed 'submit-url' parameter in the /boafrm/formDMZ endpoint to achieve remote code execution with full system compromise (confidentiality, integrity, and availability impact). A proof-of-concept exploit has been publicly disclosed, and the vulnerability may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with proof-of-concept code available, presenting immediate exploitation risk in production environments.
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105, affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated attacker can exploit the unsanitized 'submit-url' parameter to trigger a buffer overflow, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit proof-of-concept available, creating immediate real-world risk.
Critical remote code execution vulnerability in GIMP's ICO file parser caused by an integer overflow (CWE-190) that lacks proper input validation. This vulnerability affects GIMP users who open malicious ICO files or visit attacker-controlled pages serving malicious images, allowing arbitrary code execution with user privileges. The CVSS score of 8.8 reflects high severity with network-accessible attack vector and required user interaction; exploitation status and active weaponization details require cross-reference with KEV/EPSS data.
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the HTTP POST request handler in the /boafrm/formPortFw endpoint. An authenticated attacker can exploit the unsanitized 'service_type' parameter to trigger a buffer overflow, achieving remote code execution with high impact on confidentiality, integrity, and availability. Public exploit code is available and the vulnerability meets criteria for active exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formStats. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability is actively exploitable.
Critical remote buffer overflow vulnerability in TOTOLINK X15 router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler at endpoint /boafrm/formDosCfg. An authenticated attacker can exploit improper input validation of the 'submit-url' parameter to achieve buffer overflow, leading to complete system compromise including confidentiality, integrity, and availability breaches. A public proof-of-concept exploit exists, increasing real-world exploitation risk.
A critical buffer overflow vulnerability exists in TOTOLINK X15 firmware version 1.0.0-B20230714.1105 affecting the NTP configuration handler (/boafrm/formNtp). An authenticated attacker can remotely trigger a buffer overflow via the 'submit-url' parameter in HTTP POST requests, achieving remote code execution with high confidentiality, integrity, and availability impact. Public exploit code is available and the vulnerability meets active exploitation criteria.
Critical buffer overflow vulnerability in TOTOLINK X15 wireless router (firmware version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formSetLg endpoint. An authenticated attacker can exploit the 'submit-url' parameter to trigger a buffer overflow, achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code has been disclosed, making this an actively exploitable vulnerability with demonstrated proof-of-concept.
Critical buffer overflow vulnerability in TOTOLINK X15 router firmware (version 1.0.0-B20230714.1105) affecting the HTTP POST request handler for the /boafrm/formWlanRedirect endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'redirect-url' parameter to achieve arbitrary code execution with complete system compromise (confidentiality, integrity, and availability impact). The vulnerability has been publicly disclosed with exploit code available, significantly increasing real-world exploitation risk.
Command injection vulnerability affecting QNAP NAS operating systems (QTS and QuTS hero) that allows authenticated remote attackers to execute arbitrary commands with high severity (CVSS 8.8). The vulnerability requires valid user credentials but no user interaction, making it exploitable by compromised accounts or insider threats. QNAP has released patches as of March 21, 2025, and exploitation details are limited in public disclosures at this time.
A deserialization vulnerability in Teastudio (CVSS 8.8). High severity vulnerability requiring prompt remediation.
Heap-based buffer overflow vulnerability in WOLFBOX Level 2 EV Charger that allows network-adjacent attackers to execute arbitrary code without authentication. The flaw exists in the tuya_svc_devos_activate_result_parse function where insufficient validation of secKey, localKey, stdTimeZone, and devId parameters enables remote code execution. With a CVSS score of 8.8 and network-adjacent attack vector, this represents a critical risk for deployed EV charging infrastructure.
CVE-2025-33031 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. An attacker with valid user credentials can exploit insufficient SSL/TLS certificate validation to perform man-in-the-middle attacks or bypass security controls. The vulnerability has a high CVSS score of 8.8 and affects all versions of File Station 5 prior to 5.5.6.4847; patches are available from Synology.
CVE-2025-30279 is an improper certificate validation vulnerability in QNAP File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. Affected versions are below 5.5.6.4847; the vulnerability requires valid user credentials but no user interaction, making it a significant post-authentication attack vector with a CVSS score of 8.8 indicating high severity.
CVE-2025-29885 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. The vulnerability affects File Station 5 versions prior to 5.5.6.4791 and requires valid user credentials to exploit. With a CVSS score of 8.8 and a low attack complexity, this represents a significant risk to organizations running vulnerable versions, though exploitation requires prior authentication.
CVE-2025-29884 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. The vulnerability requires user-level access but enables complete system compromise with high impact across all security dimensions. No active KEV or public POC data is currently available, but the CVSS 8.8 score and low attack complexity indicate this should be prioritized for patching.
CVE-2025-29883 is an improper certificate validation vulnerability affecting Synology File Station 5 that allows authenticated remote attackers to compromise system security through man-in-the-middle attacks or credential harvesting. The vulnerability requires valid user credentials (PR:L) but can result in complete system compromise with high impact to confidentiality, integrity, and availability (CVSS 8.8). Patched versions are available for File Station 5 5.5.6.4791 and later.
CVE-2025-22486 is an improper certificate validation vulnerability in Synology File Station 5 that allows authenticated remote attackers to compromise system confidentiality, integrity, and availability. The vulnerability affects File Station 5 versions prior to 5.5.6.4791, and while it requires valid user credentials (PR:L in CVSS), the lack of user interaction requirement (UI:N) and network accessibility (AV:N) make it a high-severity threat in multi-user environments. No confirmed KEV or active exploitation data is available at this time, but the high CVSS score of 8.8 and the nature of certificate validation bypass attacks warrant immediate patching.
SQL injection vulnerability in Qsync Central that allows authenticated remote attackers to execute arbitrary code or commands with high impact on confidentiality, integrity, and availability. The vulnerability affects all versions prior to Qsync Central 4.5.0.6 (released 2025/03/20), and while no active KEV or public PoC is explicitly referenced in the provided data, the high CVSS score of 8.8 combined with low attack complexity and low privilege requirements indicates this is a serious, readily exploitable vulnerability that should be prioritized for patching.
Missing Authorization vulnerability in Rustaurius Ultimate WP Mail allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ultimate WP Mail: from n/a through 1.3.5.
Critical authentication bypass vulnerability in the 70mai A510 dashcam that exploits default credentials in the device's user account configuration. Network-adjacent attackers can bypass authentication without any credentials and achieve remote code execution with root privileges. This vulnerability presents an immediate and severe risk due to its low attack complexity, lack of user interaction requirement, and the widespread deployment of 70mai dashcams in vehicles.
CVE-2025-48906 is an authentication bypass vulnerability in the DSoftBus module that allows unauthenticated attackers on the local network to completely compromise system confidentiality, integrity, and availability without user interaction. The vulnerability affects DSoftBus implementations across multiple platforms with a CVSS score of 8.8, indicating critical severity with high exploitability potential on adjacent networks.
Critical authentication bypass vulnerability in WOLFBOX Level 2 EV Charger devices caused by uninitialized cryptographic key variables in BLE vendor-specific encrypted communications. Network-adjacent attackers can completely bypass authentication without credentials, gaining full system access (confidentiality, integrity, and availability compromise). The vulnerability (CVSS 8.8) affects encrypted BLE communications and represents a significant risk to EV charging infrastructure security, though real-world exploitation likelihood depends on proximity requirements and patch availability from WOLFBOX.
CVE-2025-41360 is an uncontrolled resource consumption vulnerability affecting IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04 that enables remote denial of service through packet flooding attacks. The vulnerability allows unauthenticated network attackers to exhaust device resources with minimal complexity, resulting in service unavailability. The high CVSS score of 8.7 reflects the critical availability impact, though exploitation requires network access and no privilege escalation is possible.
A deserialization vulnerability in ThemeGoods Photography (CVSS 8.5). High severity vulnerability requiring prompt remediation.
SQL injection vulnerability in Themefic Hydra Booking plugin versions through 1.1.10 that allows authenticated attackers to execute arbitrary SQL queries. An attacker with user-level privileges can manipulate SQL commands to extract sensitive database information, bypass authentication, or modify data without user interaction. This vulnerability has a CVSS score of 8.5 (High) and represents a significant risk to WordPress installations using affected versions of the plugin.
A remote code execution vulnerability in IDF (CVSS 8.3). High severity vulnerability requiring prompt remediation.
A Cross-Site Request Forgery (CSRF) vulnerability in Webaholicson Epicwin Plugin versions up to 1.5 allows unauthenticated attackers to perform unauthorized actions via crafted requests. While the CVE description anomalously mentions SQL Injection alongside CSRF, the CVSS vector (CWE-352: CSRF) and vector string indicate the primary threat is CSRF with consequential impacts on confidentiality (High) and availability (Low). The vulnerability requires user interaction (UI:R) and affects confidentiality significantly, making it a material risk for WordPress installations using this plugin, particularly if no active mitigation or patch is available.
CVE-2025-48911 is an improper permission assignment vulnerability in a note sharing module that allows local attackers with user interaction to compromise system availability and potentially access sensitive information. The vulnerability has a CVSS score of 8.2 (High) with a broad scope impact, though specific affected products, patch status, and exploitation telemetry are not provided in the available intelligence sources. Without KEV confirmation or EPSS data, the real-world exploitation risk cannot be definitively assessed, but the local attack vector and user interaction requirement suggest this is less critical than remote, unauthenticated vulnerabilities.
Format string vulnerability in QNAP Qsync Central that allows authenticated remote attackers to read sensitive data or modify memory without user interaction. The vulnerability affects all versions prior to Qsync Central 4.5.0.6 (released March 20, 2025), with a CVSS score of 8.1 indicating high severity. While no public exploit or KEV status is currently documented, the low attack complexity and requirement for only low-privilege user access make this a significant risk for organizations running vulnerable versions.
WebAssembly exception handling vulnerability in the arkweb v8 module that prevents proper capture of specific Wasm exception types, potentially allowing attackers to bypass security controls or trigger unexpected application behavior. The vulnerability affects arkweb's V8 integration layer and requires network access but high attack complexity to exploit. While the CVSS score of 8.1 indicates high severity with potential impacts to confidentiality, integrity, and availability, real-world exploitability depends on whether active exploitation or proof-of-concept code exists.
Critical remote code execution vulnerability in WOLFBOX Level 2 EV Charger devices that exploits an exposed dangerous method in the Tuya communications module, allowing network-adjacent attackers to upload and execute arbitrary code despite authentication requirements. The authentication bypass mechanism combined with the exposed software upload functionality creates a high-severity attack path that can grant attackers complete control over affected EV charger installations. This vulnerability (formerly ZDI-CAN-26349) presents significant risk to vehicle charging infrastructure and connected IoT deployments relying on Tuya-based communication protocols.
Remote code execution vulnerability in WOLFBOX Level 2 EV Charger devices caused by improper frame parsing in the Microcontroller Unit (MCU) firmware. Network-adjacent attackers with valid authentication credentials can exploit a frame start detection flaw to misinterpret command input and execute arbitrary code with full device privileges. While no public exploit code or active KEV listing is confirmed from the provided data, the CVSS 8.0 score and requirement for authentication (not public network access) suggest moderate real-world exploitability; however, this should be verified against EPSS scores and vendor advisories for actual threat intelligence integration.
A cross-site scripting vulnerability (CVSS 8.0). High severity vulnerability requiring prompt remediation.
Out-of-bounds write vulnerability in Sante DICOM Viewer Pro's DCM file parsing that allows remote code execution with high severity (CVSS 7.8). The vulnerability affects users who open malicious DICOM files, enabling attackers to execute arbitrary code in the application's process context. This is a user-interaction-dependent vulnerability with local attack vector, but the ability to trigger RCE via file opening makes it practically significant for targeted attacks.
Use-after-free vulnerability in the Linux kernel's HFSC (Hierarchical Fair Service Curve) queue discipline scheduler that occurs when enqueuing packets triggers a peek operation on child qdiscs before queue accounting is updated. Local attackers with unprivileged user privileges can exploit this to cause denial of service or potentially execute code with kernel privileges. The vulnerability affects Linux kernel versions with the vulnerable HFSC implementation and has a CVSS score of 7.8 (high severity) with local attack vector requirements.
CVE-2024-13088 is an improper authentication vulnerability (CWE-287) affecting QHora/QuRouter that allows local network attackers with low privileges to compromise system confidentiality, integrity, and availability. The vulnerability requires local network access and low privileges but no user interaction, making it a significant risk for networked environments. Patch versions QuRouter 2.5.0.140 and later are available, though KEV/EPSS data and active exploitation status are not confirmed in the provided intelligence.