Skip to main content
CVE-2025-7550 HIGH POC This Week

CVE-2025-7550 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated remote attacker can exploit the 'dips' parameter to achieve arbitrary code execution with high impact on confidentiality, integrity, and availability. A public proof-of-concept exists, and the vulnerability exhibits active exploitation characteristics with a CVSS score of 8.8.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7549 HIGH POC This Week

CVE-2025-7549 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 firmware version 1.2.0.14(408) affecting the L7Prot form handler. An authenticated remote attacker can exploit the 'page' parameter to overflow the stack, achieving complete compromise of the device with high confidentiality, integrity, and availability impact. The vulnerability has public exploit disclosure and should be considered actively exploitable.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7548 HIGH POC This Week

CVE-2025-7548 is a critical stack-based buffer overflow vulnerability in Tenda FH1201 wireless router firmware version 1.2.0.14(408) affecting the SafeEmailFilter function. An authenticated remote attacker can exploit an improper bounds check on the 'page' parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code exists for this vulnerability, elevating real-world risk significantly.

Buffer Overflow Fh1201 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7544 HIGH POC This Week

CVE-2025-7544 is a critical stack-based buffer overflow vulnerability in Tenda AC1206 firmware version 15.03.06.23, specifically in the formSetMacFilterCfg function accessible via the /goform/setMacFilterCfg endpoint. An authenticated remote attacker can exploit this vulnerability by manipulating the deviceList parameter to achieve remote code execution with high confidentiality, integrity, and availability impact. Public exploit disclosure and active exploitation indicators elevate real-world risk significantly.

Buffer Overflow Ac1206 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-7532 HIGH POC This Week

CVE-2025-7532 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the webExcptypemanFilter function. An authenticated remote attacker can exploit improper input validation on the 'page' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability impact). A public exploit has been disclosed and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7531 HIGH POC This Week

CVE-2025-7531 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP user settings function. An authenticated remote attacker can exploit improper input validation on the 'delno' parameter to achieve code execution with full system compromise (confidentiality, integrity, and availability). The vulnerability has public exploit code available and represents active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7530 HIGH POC This Week

CVE-2025-7530 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the PPTP client configuration function. An authenticated remote attacker can exploit this vulnerability by supplying a malicious Username argument to the /goform/PPTPDClient endpoint, potentially achieving remote code execution with full system compromise (confidentiality, integrity, and availability impact). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7529 HIGH POC This Week

CVE-2025-7529 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) that allows authenticated remote attackers to achieve complete system compromise through manipulation of the 'page' parameter in the /goform/Natlimit endpoint. With a CVSS score of 8.8, public exploit disclosure, and confirmation of active exploitation potential, this vulnerability poses significant real-world risk to deployed Tenda router installations.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7528 HIGH POC This Week

CVE-2025-7528 is a critical stack-based buffer overflow vulnerability in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/GstDhcpSetSer endpoint. An authenticated attacker can remotely exploit this vulnerability by manipulating the 'dips' parameter to achieve arbitrary code execution with full system compromise (confidentiality, integrity, and availability impact). The vulnerability has public exploit code available and meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda RCE
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-7527 HIGH POC This Week

A critical stack-based buffer overflow vulnerability exists in Tenda FH1202 firmware version 1.2.0.14(408) affecting the /goform/AdvSetWan endpoint. An authenticated remote attacker can overflow the PPPOEPassword parameter to achieve arbitrary code execution with full system privileges (confidentiality, integrity, and availability compromise). Public exploit code is available and the vulnerability meets criteria for active exploitation risk.

Buffer Overflow Fh1202 Firmware Tenda
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-58258 HIGH POC PATCH This Week

CVE-2024-58258 is a Server-Side Request Forgery (SSRF) vulnerability in SugarCRM's API module that exploits limited code injection capabilities to allow unauthenticated remote attackers to make arbitrary requests from the affected server. SugarCRM versions before 13.0.4 and 14.x before 14.0.1 are affected, potentially enabling attackers to access internal resources, cloud metadata endpoints, or perform lateral movement. The vulnerability has a CVSS 3.1 score of 7.2 (High) with network-based attack vector and no authentication required, though it does not enable direct code execution or availability impact.

Code Injection SSRF Salesforce
NVD Exploit-DB
CVSS 3.1
7.2
EPSS
0.9%
CVE-2025-6491 MEDIUM POC PATCH This Month

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.

PHP Null Pointer Dereference Denial Of Service Debian Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.2%
CVE-2025-7538 MEDIUM POC This Month

CVE-2025-7538 is a critical unrestricted file upload vulnerability in Campcodes Sales and Inventory System version 1.0, specifically in the /pages/product_update.php file's image parameter handling. An unauthenticated remote attacker can upload arbitrary files without restriction, potentially leading to remote code execution, data compromise, and system availability impact. The vulnerability has been publicly disclosed with exploit code available, making active exploitation a significant concern.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7547 MEDIUM POC This Month

CVE-2025-7547 is a critical unrestricted file upload vulnerability in Campcodes Online Movie Theater Seat Reservation System version 1.0, affecting the save_movie function in /admin/admin_class.php. An unauthenticated remote attacker can manipulate the 'cover' parameter to upload arbitrary files, potentially leading to remote code execution, data compromise, and service disruption. The exploit has been publicly disclosed and may be actively exploited in the wild.

File Upload PHP Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7521 MEDIUM POC This Month

CVE-2025-7521 is a critical SQL injection vulnerability in PHPGurukul Vehicle Parking Management System version 1.13, specifically in the /admin/index.php file's Username parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system compromise. The vulnerability has been publicly disclosed with proof-of-concept code available, creating immediate exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7541 MEDIUM POC This Month

CVE-2025-7541 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /get_town.php endpoint where the 'countryid' parameter is inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the appointment booking system database. The vulnerability has been publicly disclosed with proof-of-concept code available, significantly increasing real-world exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7540 MEDIUM POC This Month

CVE-2025-7540 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System 1.0 affecting the /getclinic.php file's townid parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the database. The vulnerability has been publicly disclosed with exploit code available, creating immediate operational risk for deployed instances.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7539 MEDIUM POC This Month

CVE-2025-7539 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getdoctordaybooking.php file via the 'cid' parameter. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database records. Exploitation has been publicly disclosed with proof-of-concept availability, and the vulnerability may be actively exploited in the wild.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7537 MEDIUM POC This Month

CVE-2025-7537 is a critical SQL injection vulnerability in Campcodes Sales and Inventory System version 1.0 affecting the /pages/product_update.php file. An unauthenticated remote attacker can manipulate the 'ID' parameter to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. Public exploit disclosure and active exploitation indicators suggest immediate remediation is warranted.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7536 MEDIUM POC This Month

CVE-2025-7536 is a critical SQL injection vulnerability in Campcodes Sales and Inventory System 1.0 affecting the /pages/receipt_credit.php endpoint via the 'sid' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially leading to unauthorized data access, modification, or system compromise. The vulnerability has been publicly disclosed with proof-of-concept code available, indicating active exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7535 MEDIUM POC This Month

CVE-2025-7535 is a critical SQL injection vulnerability in Campcodes Sales and Inventory System version 1.0, located in the /pages/reprint_cash.php file's 'sid' parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploits available, making it an immediate threat to deployed instances.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7534 MEDIUM POC This Month

CVE-2025-7534 is a critical SQL injection vulnerability in PHPGurukul Student Result Management System 2.0, exploitable through the 'nid' GET parameter in /notice-details.php. An unauthenticated remote attacker can manipulate this parameter to execute arbitrary SQL queries, potentially compromising confidentiality, integrity, and availability of the application database. Public exploit disclosure and confirmed attack surface (unauthenticated, network-accessible endpoint) elevate real-world risk despite the moderate CVSS 7.3 score.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7533 MEDIUM POC This Month

CVE-2025-7533 is a SQL injection vulnerability in code-projects Job Diary 1.0 affecting the /view-details.php file through the job_id parameter, allowing unauthenticated remote attackers to execute arbitrary SQL queries and potentially read, modify, or delete database contents. The vulnerability has a CVSS score of 7.3 (High) with public exploit disclosure and proof-of-concept availability, indicating active exploitation risk in the wild. This is a critical severity issue for all deployments of the affected version with direct database access implications.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7517 MEDIUM POC This Month

CVE-2025-7517 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /getDay.php file's cidval parameter. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, and exploitation requires no special privileges or user interaction, making it an immediate threat to deployed instances.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7516 MEDIUM POC This Month

CVE-2025-7516 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, affecting the /cancelbookingpatient.php endpoint via the 'appointment' parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of appointment records and sensitive patient information. Public disclosure and proof-of-concept availability indicate active exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7515 MEDIUM POC This Month

CVE-2025-7515 is a critical SQL injection vulnerability in code-projects Online Appointment Booking System version 1.0, specifically in the /ulocateus.php file where the 'doctorname' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database contents. The vulnerability has been publicly disclosed with proof-of-concept code available, increasing real-world exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7514 MEDIUM POC This Month

A SQL injection vulnerability exists in code-projects Modern Bag version 1.0, specifically in the /admin/contact-list.php file where the 'idStatus' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation likely.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7513 MEDIUM POC This Month

CVE-2025-7513 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/slideupdate.php endpoint, where unsanitized idSlide parameter input allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploits available, enabling attackers to read, modify, or delete database records with moderate confidentiality, integrity, and availability impact.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7512 MEDIUM POC This Month

CVE-2025-7512 is a critical SQL injection vulnerability in code-projects Modern Bag version 1.0, affecting the /contact-back.php file's contact-name parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit disclosure and demonstrates active exploitation potential with a CVSS score of 7.3.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7510 MEDIUM POC This Month

CVE-2025-7510 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/productadd_back.php file, where the 'namepro' parameter is improperly sanitized allowing remote unauthenticated attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with exploit code available, and carries a CVSS 7.3 score indicating moderate-to-high real-world risk with low attack complexity. An attacker can extract, modify, or delete database contents without authentication, compromising confidentiality, integrity, and availability of the application.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7509 MEDIUM POC This Month

CVE-2025-7509 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/slide.php endpoint via the idSlide parameter. An unauthenticated remote attacker can exploit this with no user interaction to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7508 MEDIUM POC This Month

CVE-2025-7508 is a critical SQL injection vulnerability in code-projects Modern Bag 1.0 affecting the /admin/product-update.php endpoint, where the 'idProduct' parameter is improperly validated before database queries. An unauthenticated remote attacker can exploit this to execute arbitrary SQL commands, potentially exfiltrating sensitive data, modifying product information, or gaining further system access. The vulnerability has public exploit disclosure and active real-world exploitation is likely given the low attack complexity and lack of authentication requirements.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-7523 MEDIUM POC This Month

CVE-2025-7523 is an XML External Entity (XXE) injection vulnerability in Jinher OA 1.0 affecting the /c6/Jhsoft.Web.message/ToolBar/DelTemp.aspx endpoint. An unauthenticated remote attacker can exploit this to read sensitive files, modify data, or cause denial of service with low attack complexity. The vulnerability has been publicly disclosed with exploit code available, increasing real-world exploitation risk.

XXE
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7542 MEDIUM POC This Month

CVE-2025-7542 is a critical SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System version 3.3, located in the /admin/user-profile.php file where the 'uid' parameter is not properly sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or system compromise. The vulnerability has been publicly disclosed with proof-of-concept code available, and exploitation requires no special privileges or user interaction, making it a high-priority threat for affected deployments.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-7012 HIGH PATCH This Week

CVE-2025-7012 is a local privilege escalation vulnerability in Cato Networks CatoClient for Linux versions prior to 5.5, stemming from improper symbolic link handling that allows an authenticated local attacker to escalate privileges to root. With a CVSS score of 8.6 and CWE-59 classification, this vulnerability presents a high-severity risk to Linux deployments; the attack requires local access and user interaction but delivers complete system compromise. Active exploitation status and proof-of-concept availability should be verified through CISA KEV database and exploit repositories.

Privilege Escalation
NVD
CVSS 4.0
8.6
EPSS
0.0%
CVE-2025-1220 LOW POC PATCH Monitor

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.

PHP SSRF Debian
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-7525 LOW POC Monitor

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been declared as critical. This vulnerability affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument command leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.6%
CVE-2025-7524 LOW POC Monitor

A vulnerability was found in TOTOLINK T6 4.1.5cu.748_B20211015. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Command Injection
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
1.6%
CVE-2025-53865 MEDIUM PATCH This Month

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

XSS Debian
NVD GitHub
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-7522 LOW POC Monitor

A vulnerability has been found in PHPGurukul Vehicle Parking Management System 1.13 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7520 LOW POC Monitor

A vulnerability, which was classified as critical, has been found in PHPGurukul Vehicle Parking Management System 1.13. This issue affects some unknown processing of the file /admin/manage-category.php. The manipulation of the argument del leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-7543 LOW POC Monitor

A vulnerability was found in PHPGurukul User Registration & Login and User Management System 3.3. It has been classified as critical. This affects an unknown part of the file /admin/manage-users.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-7511 LOW POC Monitor

A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/update_account.php. The manipulation of the argument musername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-1735 MEDIUM PATCH This Month

In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.

PHP PostgreSQL SQLi Debian Red Hat +1
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-7545 LOW PATCH Monitor

A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to fix this issue.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-7546 LOW PATCH Monitor

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The name of the patch is 41461010eb7c79fee7a9d5f6209accdaac66cc6b. It is recommended to apply a patch to fix this issue.

Buffer Overflow
NVD VulDB
CVSS 4.0
1.9
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy