Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the /boafrm/formSysLog HTTP POST handler. An authenticated attacker can exploit improper input validation on the 'submit-url' parameter to achieve buffer overflow, leading to remote code execution with complete system compromise (confidentiality, integrity, and availability impact). Public exploit code is available, and the vulnerability affects a widely deployed consumer networking device.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (firmware version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler at endpoint /boafrm/formSysCmd. An authenticated remote attacker can exploit this vulnerability by manipulating the 'submit-url' parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the HTTP POST request handler. An authenticated attacker can remotely exploit the setWizardCfg function via the ssid5g parameter to achieve buffer overflow, resulting in complete system compromise including confidentiality, integrity, and availability breaches. Public exploit code has been disclosed and the vulnerability meets criteria for active exploitation risk.
A buffer overflow vulnerability (CVSS 8.8). Risk factors: public PoC available.
Critical buffer overflow vulnerability in TOTOLINK EX1200T firmware version 4.1.2cu.5232_B20210713 affecting the HTTP POST request handler in the /boafrm/formSaveConfig endpoint. An authenticated remote attacker can exploit improper input validation on the 'submit-url' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code exists, increasing real-world exploitation risk.
Critical buffer overflow vulnerability in TOTOLINK EX1200T wireless router (version 4.1.2cu.5232_B20210713) affecting the HTTP POST request handler for the /boafrm/formWirelessTbl endpoint. An authenticated attacker can exploit the submit-url parameter to achieve remote code execution with high confidentiality, integrity, and availability impact (CVSS 8.8). Public proof-of-concept code is available, and this vulnerability may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK EX1200T router firmware (version 4.1.2cu.5232_B20210713) affecting the NTP configuration handler. An authenticated attacker can remotely exploit this vulnerability via HTTP POST requests to the /boafrm/formNtp endpoint by manipulating the submit-url parameter, achieving remote code execution with complete system compromise (confidentiality, integrity, and availability). A public exploit has been disclosed and the vulnerability may be actively exploited in the wild.
Critical buffer overflow vulnerability in TOTOLINK T10 firmware version 4.1.8cu.5207 affecting the setWiFiScheduleCfg function in the HTTP POST request handler. An authenticated remote attacker can exploit this vulnerability by manipulating the 'desc' parameter to achieve buffer overflow, resulting in complete compromise of confidentiality, integrity, and availability. A public exploit has been disclosed and the vulnerability is likely actively exploited given its critical CVSS score of 8.8 and low attack complexity.
Critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/SafeMacFilter endpoint. An authenticated remote attacker can exploit the 'page' parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit code exists and the vulnerability is actively exploitable.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L version 2.06B01 affecting the form_macfilter function through improper handling of mac_hostname_%d and sched_name_%d parameters. An authenticated remote attacker can exploit this vulnerability to achieve complete system compromise including confidentiality, integrity, and availability impacts (CVSS 8.8). Public exploit code is available and the product is end-of-life, significantly elevating real-world risk.
Critical stack-based buffer overflow vulnerability in D-Link DIR-619L firmware version 2.06B01, affecting the port forwarding configuration function. An authenticated remote attacker can exploit this vulnerability by manipulating the ingress_name_%d, sched_name_%d, or name_%d parameters to achieve remote code execution with high integrity and confidentiality impact. The vulnerability has public exploit code available and affects only end-of-life products no longer receiving vendor support, significantly elevating real-world risk for exposed legacy deployments.
Critical remote buffer overflow vulnerability in Tenda FH1203 firmware version 2.0.1.6 affecting the /goform/AdvSetLanip endpoint. An authenticated attacker can exploit improper input validation of the lanMask parameter to achieve remote code execution with full system compromise (confidentiality, integrity, and availability). A public proof-of-concept exploit exists, indicating active disclosure and potential real-world exploitation risk.
Critical buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7 affecting the lanMask parameter in the /goform/AdvSetLanip endpoint. An authenticated remote attacker can exploit this to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public proof-of-concept exists, making this an active exploitation risk.
Critical stack-based buffer overflow vulnerability in Tenda FH1205 firmware version 2.0.0.7(775) affecting the /goform/VirtualSer endpoint's 'page' parameter. An authenticated remote attacker can exploit this to achieve complete system compromise including arbitrary code execution, data exfiltration, and service disruption. The vulnerability has public exploit disclosure and demonstrated proof-of-concept availability, elevating immediate risk despite requiring valid credentials.
NULL pointer dereference in libxml2's XPath processing engine crashes applications parsing untrusted XML. Affects all major Linux distributions including Red Hat Enterprise Linux 10, Ubuntu (10 releases), Debian (8 releases), and SUSE. Remote unauthenticated attackers can trigger denial of service by sending crafted XPath expressions embedded in XML documents. Publicly available exploit code exists (GitHub gist). EPSS score is low (0.15%, 36th percentile) indicating limited widespread exploitation observed, and not currently listed in CISA KEV. Vendor patches available from Red Hat (2.12.5-7.el10_0), SUSE, and upstream libxml2 project.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506. An authenticated attacker can remotely execute arbitrary operating system commands via the 'ipaddress' parameter in /billing/pms_check.php, achieving complete system compromise. Public exploit code exists, the vendor has not responded to early disclosure, and this vulnerability meets criteria for immediate exploitation in real-world environments.
A critical OS command injection vulnerability exists in Wifi-soft UniBox Controller versions up to 20250506 within the /billing/test_accesscodelogin.php file's Password parameter, allowing authenticated remote attackers to execute arbitrary system commands with high impact on confidentiality, integrity, and availability. Public exploit code has been disclosed and the vendor has not responded to early disclosure notifications, indicating active exploitation risk and lack of official patches.
Critical OS command injection vulnerability in Wifi-soft UniBox Controller affecting versions up to 20250506, exploitable through the mac_address parameter in /authentication/logout.php. An authenticated attacker can remotely execute arbitrary OS commands with high impact on confidentiality, integrity, and availability. The vulnerability has been publicly disclosed with exploit code available, and the vendor has not responded to early disclosure attempts, significantly elevating real-world risk.
A SQL injection vulnerability in Customer Support System (CVSS 8.8) that allows an authenticated attacker. High severity vulnerability requiring prompt remediation.
A cross-site scripting vulnerability (CVSS 8.7) that allows an attacker. High severity vulnerability requiring prompt remediation.
Privilege escalation flaw in authd's temporary user record handling during pre-authentication NSS operations that causes first-time SSH login users to be incorrectly assigned root group membership within their session context. This allows authenticated users (PR:L) to gain elevated group privileges over the network (AV:N) with low complexity, affecting system confidentiality (C:H) and integrity (I:L). The vulnerability has a high CVSS score of 8.5, though real-world exploitation requires valid login credentials and depends on authentication infrastructure specifics.
A security vulnerability in Apache Tomcat installer for Windows (CVSS 8.4). High severity vulnerability requiring prompt remediation.
Race condition vulnerability in ASUS Armoury Crate that exploits a Time-of-check Time-of-use (TOCTOU) flaw to bypass authentication mechanisms. An authenticated local attacker can exploit this vulnerability to escalate privileges and potentially achieve integrity and availability impacts on the affected system. While the CVSS score of 8.4 is elevated, real-world exploitation requires local access and existing user privileges, limiting widespread impact.
Privilege escalation vulnerability in Tenable Agent for Windows (versions prior to 10.8.5) that allows a non-administrative local user to execute arbitrary code with SYSTEM-level privileges. This is a local privilege escalation (LPE) vulnerability with high severity (CVSS 7.8) requiring only local access and low complexity exploitation. The vulnerability represents a critical risk in multi-user Windows environments where standard users could gain complete system control.
Apache Commons FileUpload contains a Denial of Service vulnerability in multipart header processing due to insufficient resource allocation limits (CWE-770). Affected versions are 1.0 through 1.5.x and 2.0.0-M1 through 2.0.0-M3. An unauthenticated remote attacker can exploit this with a network request to cause resource exhaustion and service unavailability without requiring user interaction or elevated privileges. CVSS 7.5 (High) reflects the high availability impact; KEV and EPSS data availability would determine exploitation likelihood in the wild.
A remote code execution vulnerability in Apache Tomcat (CVSS 7.5). High severity vulnerability requiring prompt remediation.
Liferay Portal and DXP versions fail to implement depth limiting on GraphQL queries, enabling unauthenticated remote attackers to execute deeply nested queries that consume excessive server resources and cause denial-of-service. This affects Liferay Portal 7.4.0-7.4.3.97 and multiple DXP versions (2023.Q3.1-2023.Q3.2, 7.4 GA-Update 92, 7.3 GA-Update 35, 7.2 FP 8-20). With a CVSS 7.5 score, high network exploitability, and no authentication required, this represents a significant availability risk to exposed Liferay installations.
CVE-2025-49125 is an authentication bypass vulnerability in Apache Tomcat affecting versions 8.5.0-8.5.100, 9.0.0-9.0.105, 10.1.0-10.1.41, and 11.0.0-11.0.7. The vulnerability allows unauthenticated remote attackers to access PreResources or PostResources mounted outside the web application root via alternate path traversal, bypassing security constraints configured for the intended resource path. With a CVSS score of 7.5 and high confidentiality impact, this represents a critical authentication mechanism failure that requires immediate patching.
A security vulnerability in Liferay Portal 7.0.0 (CVSS 7.5) that allows remote attackers. High severity vulnerability requiring prompt remediation.
Local privilege escalation vulnerability in Google ChromeOS MiniOS that allows unauthenticated attackers to achieve root code execution by exploiting an accessible debug shell (VT3 console) through specific key combinations during developer mode entry, circumventing device policy restrictions and Firmware Write Protect mechanisms. This vulnerability affects ChromeOS version 16063.45.2 and potentially other versions on enrolled devices, with a CVSS score of 7.4 indicating high severity. The attack requires local access and specific technical knowledge of key sequences, but no user interaction is needed once device access is obtained.
A security vulnerability in Conda-build (CVSS 7.0). High severity vulnerability requiring prompt remediation. Vendor patch is available.