Skip to main content
CVE-2025-55498 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi was discovered to contain a buffer overflow via the time parameter in the fromSetSysTime function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-55482 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the formSetCfm function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-43748 HIGH PATCH This Month

Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

CSRF Digital Experience Platform Liferay Portal
NVD
CVSS 4.0
7.1
EPSS
0.0%
CVE-2024-57491 HIGH This Month

Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle function. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-55503 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi has a stack overflow vulnerability via the deviceName parameter in the saveParentControlInfo function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-55483 HIGH POC This Month

Tenda AC6 V15.03.06.23_multi is vulnerable to Buffer Overflow in the function formSetMacFilterCfg via the parameters macFilterType and deviceList. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Tenda Buffer Overflow Stack Overflow Ac6 Firmware
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54926 HIGH This Month

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause remote code execution when an authenticated attacker with admin privileges uploads a malicious file over HTTP which then gets

RCE Path Traversal
NVD
CVSS 3.1
7.2
EPSS
0.7%
CVE-2025-54925 HIGH This Month

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker configures the application to access a malicious url.

Authentication Bypass Information Disclosure SSRF
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54924 HIGH This Month

CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.

Authentication Bypass Information Disclosure SSRF
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-54923 HIGH This Month

CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution and compromise of system integrity when authenticated users send crafted data to a network-exposed service that performs unsafe deserialization.

RCE Deserialization
NVD
CVSS 4.0
8.7
EPSS
1.4%
CVE-2025-50503 HIGH This Month

A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32010 HIGH This Month

A stack-based buffer overflow vulnerability exists in the Cloud API functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda Buffer Overflow Stack Overflow RCE Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.6%
CVE-2025-31355 HIGH This Month

A firmware update vulnerability exists in the Firmware Signature Validation functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-30256 HIGH This Month

A denial of service vulnerability exists in the HTTP Header Parsing functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Tenda Ac6 Firmware
NVD
CVSS 3.1
8.6
EPSS
0.1%
CVE-2025-24496 HIGH This Month

An information disclosure vulnerability exists in the /goform/getproductInfo functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Tenda Information Disclosure Ac6 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-24322 HIGH This Month

An unsafe default authentication vulnerability exists in the Initial Setup Authentication functionality of Tenda AC6 V5.0 V02.03.01.110. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Tenda RCE Ac6 Firmware
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-8453 HIGH This Month

arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-57732 HIGH This Month

In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership. Rated high severity (CVSS 7.5). No vendor patch available.

Privilege Escalation Teamcity
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-57731 HIGH This Month

In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Youtrack
NVD
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-8289 HIGH This Month

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress File Upload PHP Deserialization Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-8145 HIGH This Month

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.4 via deserialization of untrusted input in the get_lead_fields. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Deserialization RCE
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2025-8141 HIGH This Month

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_associated_files function in all versions up. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress PHP Path Traversal RCE
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2025-9132 HIGH PATCH This Month

Out of bounds write in V8 in Google Chrome prior to 139.0.7258.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Google Chrome Suse
NVD
CVSS 3.1
8.8
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy