Aggregator

Microsoft Research писала о Rust в 2019, но драйверы всё ещё ждут.

A vulnerability was found in D-Link DIR-825 1.08.01. It has been rated as critical. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is cataloged as CVE-2025-10034. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

本文揭示了NAT规范中长期存在但未被关注的一个路径MTU侧信道问题，并进一步利用该漏洞实现了一种可规模化远程TCP连接中断攻击。

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been declared as critical. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. This vulnerability is listed as CVE-2025-10033. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in AMD EPYC 7003 Processors, EPYC 9004 Processors, EPYC 8004 Processors, Ryzen Threadripper PRO 5000 WX-Series Processors, Ryzen 5000 Mobile Processors with Radeon Graphics, Ryzen 7035 Processors with Radeon Graphics, Ryzen 5000 Desktop Processors, Ryzen 7000 Desktop Processors, Ryzen 7040 Mobile Processors with Radeon Graphics, Ryzen 6000 Processors with Radeon Graphics, Ryzen 7045 Mobile Processors with Radeon Graphics, Ryzen Threadripper PRO 3000 WX-Series Processors, Ryzen 7030 Mobile Processors with Radeon Graphics, Ryzen 8000 Desktop Processors, EPYC Embedded 7003 Processors, EPYC Embedded 9004 Processors, Ryzen Embedded 8000 Processors, Ryzen Embedded 7000 Processors, Ryzen Embedded 5000 Processors and Ryzen Embedded V3000 Processors. It has been classified as problematic. The impacted element is an unknown function of the component CPU Microcode Handler. This manipulation causes incomplete cleanup. This vulnerability is tracked as CVE-2024-21977. The attack is restricted to local execution. No exploit exists. Upgrading the affected component is recommended.

Submit #643978 / VDB-322750

A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0 and classified as problematic. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting. This vulnerability is identified as CVE-2025-10032. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0 and classified as critical. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. This vulnerability is referenced as CVE-2025-10031. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability, which was classified as critical, was found in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection. The identification of this vulnerability is CVE-2025-10030. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #643974 / VDB-322749

Submit #643954 / VDB-322747

Submit #643953 / VDB-322747

A vulnerability, which was classified as problematic, has been found in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php. Performing manipulation of the argument scripts results in cross site scripting. This vulnerability was named CVE-2025-10029. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability classified as problematic was found in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-10028. The attack can be launched remotely. Moreover, an exploit is present.

Submit #643952 / VDB-322747

A vulnerability classified as problematic has been found in itsourcecode POS Point of Sale System 1.0. Affected by this issue is some unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/2512.php. This manipulation of the argument scripts causes cross site scripting. This vulnerability is handled as CVE-2025-10027. The attack can be initiated remotely. Additionally, an exploit exists.

Submit #643951 / VDB-322746

A vulnerability described as problematic has been identified in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/-complex_header.php. The manipulation of the argument scripts results in cross site scripting. This vulnerability is known as CVE-2025-10026. It is possible to launch the attack remotely. Furthermore, an exploit is available.

Submit #643950 / VDB-322745