CVE-2025-5080 – Tenda FH451 Stack-Based Buffer Overflow

May 22, 2025

CVE ID : CVE-2025-5080

Published : May 22, 2025, 3:16 p.m. | 1 hour, 30 minutes ago

Description : A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5079 – Campcodes Online Shopping Portal SQL Injection Vulnerability

Next Article CVE-2025-45471 – Apache Spark Measure-Cold-Start Privilege Escalation Vulnerability

Highlights

CVE-2025-46734 – League Commonmark Attributes Extension Cross-Site Scripting Vulnerability

May 5, 2025

CVE ID : CVE-2025-46734

Published : May 5, 2025, 8:15 p.m. | 3 hours, 19 minutes ago

Description : league/commonmark is a PHP Markdown parser. A cross-site scripting (XSS) vulnerability in the Attributes extension of the league/commonmark library (versions 1.5.0 through 2.6.x) allows remote attackers to insert malicious JavaScript calls into HTML. The league/commonmark library provides configuration options such as `html_input: ‘strip’` and `allow_unsafe_links: false` to mitigate cross-site scripting (XSS) attacks by stripping raw HTML and disallowing unsafe links. However, when the Attributes Extension is enabled, it introduces a way for users to inject arbitrary HTML attributes into elements via Markdown syntax using curly braces. Version 2.7.0 contains three changes to prevent this XSS attack vector: All attributes starting with `on` are considered unsafe and blocked by default; support for an explicit allowlist of allowed HTML attributes; and manually-added `href` and `src` attributes now respect the existing `allow_unsafe_links` configuration option. If upgrading is not feasible, please consider disabling the `AttributesExtension` for untrusted users and/or filtering the rendered HTML through a library like HTMLPurifier.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Droip: The Modern Website Builder WordPress Needed

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

“One of the best and most premium charging accessories” — Razer Universal Quick Charging Stand for Xbox is 40% off

AI and Digital Trends Marketing and IT Leaders Need to Know

AI and Digital Trends Marketing and IT Leaders Need to Know

Blade Authorization Directives for View Security

Laravel AI Chat Starter Kit

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

CVE-2025-5080 – Tenda FH451 Stack-Based Buffer Overflow

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Microsoft April 2025 Patch Tuesday: Fixes for 134 security vulnerabilities, one exploited Zero-Day

CVE-2025-0325 – Axis Guard Tour VAPIX API Parameter Injection Vulnerability

AWS Open-Sources Strands Agents SDK to Simplify AI Agent Development

CVE-2025-6489 – iSourcecode Agri-Trading Online Shopping System SQL Injection Vulnerability

CVE-2025-46734 – League Commonmark Attributes Extension Cross-Site Scripting Vulnerability

CVE-2025-32354 – Zimbra Collaboration CSRF Vulnerability

CVE-2025-5790 – TOTOLINK X15 Buffer Overflow Vulnerability

Transform JSON into Typed Collections with Laravel’s AsCollection::of()

CVE-2025-5080 – Tenda FH451 Stack-Based Buffer Overflow

Related Posts