Aggregator

Submit #564733 / VDB-307476

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been declared as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. This vulnerability was named CVE-2025-4356. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02. It has been classified as critical. This affects the function set_ws_action of the file /dws/api/. The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2025-4355. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in Tenda DAP-1520 1.10B04_BETA02 and classified as critical. Affected by this issue is the function check_dws_cookie of the file /storage. The manipulation leads to stack-based buffer overflow. This vulnerability is handled as CVE-2025-4354. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #564729 / VDB-307436

Submit #564727 / VDB-307475

Литий и никель устарели: в оборонке и космосе на смену им приходят изотопы…

A vulnerability has been found in IBM DB2 and DB2 Connect Server up to 11.5.9/12.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to memory leak. This vulnerability is known as CVE-2025-1992. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

Submit #564723 / VDB-238335

A vulnerability, which was classified as critical, was found in Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType.htm. The manipulation of the argument dictCn1 leads to sql injection. This vulnerability is traded as CVE-2025-4353. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcEntrFlowSelect.htm. The manipulation of the argument custTradeId leads to sql injection. The identification of this vulnerability is CVE-2025-4352. The attack may be initiated remotely. Furthermore, there is an exploit available.

Submit #564722 / VDB-307474

Submit #564720 / VDB-307473

Submit #564721 / VDB-307472

Submit #564719 / VDB-307472

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. "These vulnerabilities can be chained by

Submit #564593 / VDB-307470

Submit #564592 / VDB-307469

A vulnerability classified as critical was found in D-Link DIR-600L up to 2.07B01. This vulnerability affects the function wake_on_lan. The manipulation of the argument host leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-4350. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as critical has been found in D-Link DIR-600L up to 2.07B01. This affects the function formSysCmd. The manipulation of the argument host leads to command injection. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-4349. It is possible to initiate the attack remotely. There is no exploit available.