Development

CVE ID : CVE-2025-8800

Published : Aug. 10, 2025, 8:15 a.m. | 17 hours, 26 minutes ago

Description : A vulnerability was found in Open5GS up to 2.7.5. It has been rated as problematic. Affected by this issue is the function esm_handle_pdn_connectivity_request of the file src/mme/esm-handler.c of the component AMF Component. The manipulation leads to denial of service. The attack may be launched remotely. Upgrading to version 2.7.6 is able to address this issue. The name of the patch is 701505102f514cbde2856cd2ebc9bedb7efc820d. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8801

Published : Aug. 10, 2025, 9:15 a.m. | 16 hours, 26 minutes ago

Description : A vulnerability classified as problematic has been found in Open5GS up to 2.7.5. This affects the function gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The identifier of the patch is f47f2bd4f7274295c5fbb19e2f806753d183d09a. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8802

Published : Aug. 10, 2025, 9:15 a.m. | 16 hours, 26 minutes ago

Description : A vulnerability classified as problematic was found in Open5GS up to 2.7.5. This vulnerability affects the function smf_state_operational of the file src/smf/smf-sm.c of the component SMF. The manipulation of the argument stream leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version v2.7.6 is able to address this issue. The patch is identified as f168f7586a4fa536cee95ae60ac437d997f15b97. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8803

Published : Aug. 10, 2025, 10:15 a.m. | 15 hours, 26 minutes ago

Description : A vulnerability, which was classified as problematic, was found in Open5GS up to 2.7.5. Affected is the function gmm_state_de_registered/gmm_state_exception of the file src/amf/gmm-sm.c of the component AMF. The manipulation leads to denial of service. It is possible to launch the attack remotely. Upgrading to version 2.7.6 is able to address this issue. The name of the patch is 1f30edac27f69f61cff50162e980fe58fdeb30ca. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8804

Published : Aug. 10, 2025, 10:15 a.m. | 15 hours, 26 minutes ago

Description : A vulnerability has been found in Open5GS up to 2.7.5 and classified as problematic. Affected by this vulnerability is the function ngap_build_downlink_nas_transport of the component AMF. The manipulation leads to reachable assertion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The identifier of the patch is bca0a7b6e01d254f4223b83831162566d4626428. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8805

Published : Aug. 10, 2025, 11:15 a.m. | 14 hours, 26 minutes ago

Description : A vulnerability was found in Open5GS up to 2.7.5 and classified as problematic. Affected by this issue is the function smf_gsm_state_wait_pfcp_deletion of the file src/smf/gsm-sm.c of the component SMF. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.7.6 is able to address this issue. The patch is identified as c58b8f081986aaf2a312d73a0a17985518b47fe6. It is recommended to upgrade the affected component.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8806

Published : Aug. 10, 2025, 11:15 a.m. | 14 hours, 26 minutes ago

Description : A vulnerability was found in zhilink 智互联(深圳)科技有限公司 ADP Application Developer Platform 应用开发者平台 1.0.0. It has been classified as critical. This affects an unknown part of the file /adpweb/a/sys/office/treeData. The manipulation of the argument extId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8807

Published : Aug. 10, 2025, 12:15 p.m. | 13 hours, 26 minutes ago

Description : A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8808

Published : Aug. 10, 2025, 12:15 p.m. | 13 hours, 26 minutes ago

Description : A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8809

Published : Aug. 10, 2025, 1:15 p.m. | 12 hours, 26 minutes ago

Description : A vulnerability classified as critical has been found in code-projects Online Medicine Guide 1.0. Affected is an unknown function of the file /addelidetails.php. The manipulation of the argument del leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8810

Published : Aug. 10, 2025, 2:15 p.m. | 11 hours, 3 minutes ago

Description : A vulnerability classified as critical was found in Tenda AC20 16.03.08.05. Affected by this vulnerability is the function strcpy of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8811

Published : Aug. 10, 2025, 2:15 p.m. | 11 hours, 26 minutes ago

Description : A vulnerability, which was classified as critical, has been found in code-projects Simple Art Gallery 1.0. Affected by this issue is some unknown functionality of the file /Admin/registration.php. The manipulation of the argument fname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8812

Published : Aug. 10, 2025, 2:15 p.m. | 11 hours, 26 minutes ago

Description : A vulnerability, which was classified as problematic, was found in atjiu pybbs up to 6.0.0. This affects an unknown part of the file /api/settings of the component Admin Panel. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 2fe4a51afbce0068c291bc1818bbc8f7f3b01a22. It is recommended to apply a patch to fix this issue.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8813

Published : Aug. 10, 2025, 3:15 p.m. | 10 hours, 26 minutes ago

Description : A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8814

Published : Aug. 10, 2025, 3:15 p.m. | 10 hours, 26 minutes ago

Description : A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8815

Published : Aug. 10, 2025, 4:15 p.m. | 9 hours, 26 minutes ago

Description : A vulnerability was found in 猫宁i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8816

Published : Aug. 10, 2025, 4:15 p.m. | 9 hours, 3 minutes ago

Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected is the function setOpMode of the file /goform/setOpMode. The manipulation of the argument ethConv leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8817

Published : Aug. 10, 2025, 10:15 p.m. | 3 hours, 26 minutes ago

Description : A vulnerability was identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this vulnerability is the function setLan of the file /goform/setLan. The manipulation of the argument lan2enabled leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8818

Published : Aug. 10, 2025, 11:15 p.m. | 2 hours, 26 minutes ago

Description : A vulnerability has been found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. Affected by this issue is the function setDFSSetting of the file /goform/setLan. The manipulation of the argument lanNetmask/lanIp leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8819

Published : Aug. 10, 2025, 11:15 p.m. | 2 hours, 3 minutes ago

Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 up to 20250801. This affects the function setWan of the file /goform/setWan. The manipulation of the argument staticIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…