Security

CVE ID : CVE-2025-9356

Published : Aug. 22, 2025, 9:15 p.m. | 5 hours ago

Description : A vulnerability was determined in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function inboundFilterAdd of the file /goform/inboundFilterAdd. Executing manipulation of the argument ruleName can lead to stack-based buffer overflow. The attack may be performed from a remote location. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9355

Published : Aug. 22, 2025, 9:15 p.m. | 5 hours ago

Description : A vulnerability was found in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function scheduleAdd of the file /goform/scheduleAdd. Performing manipulation of the argument ruleName results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52451

Published : Aug. 22, 2025, 9:15 p.m. | 5 hours ago

Description : Improper Input Validation vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api – create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52450

Published : Aug. 22, 2025, 9:15 p.m. | 5 hours, 21 minutes ago

Description : Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in Salesforce Tableau Server on Windows, Linux (abdoc api – create-data-source-from-file-upload modules) allows Absolute Path Traversal.This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55455

Published : Aug. 22, 2025, 9:15 p.m. | 5 hours, 21 minutes ago

Description : DooTask v1.0.51 was dicovered to contain an authenticated arbitrary download vulnerability via the component /msg/sendtext.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8193

Published : Aug. 22, 2025, 11:15 p.m. | 3 hours, 21 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-43770

Published : Aug. 23, 2025, 2:15 a.m. | 21 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated attacker to inject JavaScript into the referer or FORWARD_URL using %00 in those parameters.

Severity: 6.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-52352

Published : Aug. 21, 2025, 6:15 p.m. | 7 hours, 4 minutes ago

Description : Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to register accounts via APIs even when the feature is disabled. This leads to authentication bypass and unauthorized access to admin portals, violating intended access controls.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-7051

Published : Aug. 21, 2025, 6:15 p.m. | 7 hours, 4 minutes ago

Description : On N-central, it is possible for any authenticated user to read, write and modify syslog configuration across customers on an N-central server. This vulnerability is present in all deployments of N-central prior to 2025.2.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-10015

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : AOL versions up to and including 9.5 includes an ActiveX control (Phobos.dll) that exposes a method called Import() via the Phobos.Playlist COM object. This method is vulnerable to a stack-based buffer overflow when provided with an excessively long string argument. Exploitation allows remote attackers to execute arbitrary code in the context of the user, but only when the malicious HTML file is opened locally, due to the control not being marked safe for scripting or initialization. AOL remains an active and supported brand offering services like AOL Mail and AOL Desktop Gold, but the legacy AOL 9.5 desktop software—specifically the version containing the vulnerable Phobos.dll ActiveX control—is long discontinued and no longer maintained.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20109

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20111

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Digital Music Pad v8.2.3.3.4 contains a stack-based buffer overflow vulnerability in its playlist file parser. When opening a .pls file containing an excessively long string in the File1 field, the application fails to properly validate input length, resulting in corruption of the Structured Exception Handler (SEH) on the stack. This flaw may allow an attacker to control execution flow when the file is opened, potentially leading to arbitrary code execution.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20112

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including the Structured Exception Handler (SEH). Additionally, malformed parameter names followed by an equals sign may result in unintended control flow behavior. This vulnerability is exposed through IIS and affects legacy Windows deployments

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20119

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : CommuniCrypt Mail versions up to and including 1.16 contains a stack-based buffer overflow vulnerability in its ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20121

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27721

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Unauthorized users can access INFINITT PACS System Manager without proper authorization,
which could lead to unauthorized access to system resources.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3128

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : A remote unauthenticated attacker who has bypassed authentication could
execute arbitrary OS commands to disclose, tamper with, destroy or
delete information in Mitsubishi Electric smartRTU, or cause a denial-of
service condition on the product.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53763

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53795

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55105

Published : Aug. 21, 2025, 8:15 p.m. | 4 hours, 39 minutes ago

Description : There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…