CVE ID : CVE-2025-46398
Published : April 23, 2025, 9:15 p.m. | 1 hour, 43 minutes ago
Description : Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via read_objects function.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46400
Published : April 23, 2025, 9:15 p.m. | 1 hour, 43 minutes ago
Description : Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via read_arcobject function.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-46399
Published : April 23, 2025, 9:15 p.m. | 1 hour, 43 minutes ago
Description : Segmentation fault in fig2dev in version 3.2.9a allows an attacker to availability via local input manipulation via genge_itp_spline function.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
FireEye EDR Agent Vulnerability Let Attackers Inject Malicious Code
A significant vulnerability in the FireEye Endpoint Detection and Response (EDR) agent that could allow attackers to inject malicious code and render critical security protections ineffective.
The vul …
Read more
Published Date:
Apr 23, 2025 (5 hours, 21 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-0618
Critical Vulnerabilities in Browser Wallets Let Attackers Drain your Funds
Significant vulnerabilities in popular browser-based cryptocurrency wallets enable attackers to steal funds without any user interaction or approval.
These critical flaws, discovered in wallets includ …
Read more
Published Date:
Apr 23, 2025 (5 hours, 12 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2023-40580
Synology Network File System Vulnerability Let Read Any File
A severe security vulnerability in Synology’s DiskStation Manager (DSM) software has been identified. This vulnerability allows remote attackers to read arbitrary files through the Network File System …
Read more
Published Date:
Apr 23, 2025 (5 hours, 10 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-1021
ASUS releases fix for AMI bug that lets hackers brick servers
ASUS has released security updates to address CVE-2024-54085, a maximum severity flaw that could allow attackers to hijack and potentially brick servers.
The flaw impacts American Megatrends Internati …
Read more
Published Date:
Apr 23, 2025 (4 hours, 39 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2024-54085
CVE-2025-1731 and CVE-2025-1732 impacts Zyxel Firewalls
Zyxel has disclosed two critical vulnerabilities, CVE-2025-1731 and CVE-2025-1732, affecting its USG FLEX H series firewalls. These vulnerabilities could allow authenticated local attackers to escalat …
Read more
Published Date:
Apr 23, 2025 (3 hours, 46 minutes ago)
Vulnerabilities has been mentioned in this article.
CVE-2025-1732
CVE-2025-1731
CVE-2025-32433
CVE-2025-24054
CVE ID : CVE-2025-28037
Published : April 22, 2025, 4:15 p.m. | 1 day, 2 hours ago
Description : TOTOLINK A810R V4.1.2cu.5182_B20201026 and A950RG V4.1.2cu.5161_B20200903 were found to contain a pre-auth remote command execution vulnerability in the setDiagnosisCfg function through the ipDomain parameter.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45428
Published : April 23, 2025, 3:16 p.m. | 3 hours, 43 minutes ago
Description : In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45427
Published : April 23, 2025, 3:16 p.m. | 3 hours, 43 minutes ago
Description : In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-45429
Published : April 23, 2025, 4:15 p.m. | 2 hours, 43 minutes ago
Description : In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1048
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : Sonos Era 300 Speaker libsmb2 Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of SMB data. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25535.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1049
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ID3 data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25601.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-1050
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of HLS playlist data. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25606.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-28022
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi through the v25 parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-28028
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : TOTOLINK A830R V4.1.2cu.5182_B20201102, A950RG V4.1.2cu.5161_B20200903, A3000RU V5.9c.5185_B20201128, and A3100R V4.1.2cu.5247_B20211129 were found to contain a buffer overflow vulnerability in downloadFile.cgi through the v5 parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-29526
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : A Cross-Site Scripting (XSS) vulnerability in the search function of Q4 Inc Investor Relations Platform v5.147.1.2 allows attackers to execute arbitrary Javascript via injecting a crafted payload into the SearchTerm parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-2760
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of XWD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25082.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more…
CVE ID : CVE-2025-28021
Published : April 23, 2025, 5:16 p.m. | 1 hour, 42 minutes ago
Description : TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in the downloadFile.cgi through the v14 and v3 parameters
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more…