Aggregator

Submit #592625 / VDB-312593

Submit #592621 / VDB-312592

Submit #592617 / VDB-312591

Submit #592624 / VDB-312591

A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. This vulnerability is known as CVE-2025-6120. It is possible to launch the attack on the local host. Furthermore, there is an exploit available. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. This vulnerability is traded as CVE-2025-6119. Attacking locally is a requirement. Furthermore, there is an exploit available. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Submit #592574 / VDB-312590

Submit #591235 / VDB-312589

Submit #591233 / VDB-312588

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been rated as critical. This issue affects some unknown processing of the file /vehicle/search of the component API. The manipulation of the argument vehicleTypeCode leads to sql injection. The identification of this vulnerability is CVE-2025-6118. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been declared as critical. This vulnerability affects unknown code of the file /Reservations/Search of the component API. The manipulation of the argument Value leads to sql injection. This vulnerability was named CVE-2025-6117. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Das Parking Management System 停车场管理系统 6.2.0. It has been classified as critical. This affects an unknown part of the file /IntraFieldVehicle/Search of the component API. The manipulation of the argument Value leads to sql injection. This vulnerability is uniquely identified as CVE-2025-6116. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this issue is the function form_macfilter. The manipulation of the argument mac_hostname_%d/sched_name_%d leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-6115. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. Affected by this vulnerability is the function form_portforwarding of the file /goform/form_portforwarding. The manipulation of the argument ingress_name_%d/sched_name_%d/name_%d leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-6114. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #591173 / VDB-312587

Submit #591161 / VDB-312586

Submit #591160 / VDB-312585

Submit #592570 / VDB-312584

Submit #592568 / VDB-312583

A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. Affected is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. This vulnerability is traded as CVE-2025-6113. It is possible to launch the attack remotely. Furthermore, there is an exploit available.