Aggregator

Submit #618640 / VDB-317026

A vulnerability was found in D-Link DIR-513 1.0. It has been rated as critical. Affected by this issue is the function sprintf of the file /goform/formLanSetupRouterSettings of the component Boa Webserver. The manipulation of the argument curTime leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is handled as CVE-2025-7909. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in D-Link DI-8100 1.0. It has been declared as critical. Affected by this vulnerability is the function sprintf of the file /ddns.asp?opt=add of the component jhttpd. The manipulation of the argument mx leads to stack-based buffer overflow. This vulnerability is known as CVE-2025-7908. The attack can be launched remotely. Furthermore, there is an exploit available.

Submit #618594 / VDB-317025

Submit #618593 / VDB-317024

Submit #618582 / VDB-317023

Космическая гонка может стоить Земле озонового щита.

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. This vulnerability is traded as CVE-2025-7907. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1 and classified as critical. This issue affects the function uploadFile of the file ruoyi-admin/src/main/java/com/ruoyi/web/controller/common/CommonController.java. The manipulation of the argument File leads to unrestricted upload. The identification of this vulnerability is CVE-2025-7906. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. This vulnerability was named CVE-2025-7905. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-7904. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #618362 / VDB-317022

Submit #618361 / VDB-317021

A vulnerability, which was classified as critical, has been found in eslint-config-prettier 8.10.1/9.1.1/10.1.6/10.1.7 on Windows. Affected by this issue is some unknown functionality in the library node-gyp.dll. The manipulation leads to embedded malicious code. This vulnerability is handled as CVE-2025-54313. The attack may be launched remotely. There is no exploit available.

Submit #618360 / VDB-199686

Submit #618359 / VDB-317020

Submit #618358 / VDB-317019

A PoisonSeed phishing campaign is bypassing FIDO2 security key protections by abusing the cross-device sign-in feature in WebAuthn to trick users into approving login authentication requests from fake company portals. [...]

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.9.8. Affected by this issue is the function rswitch_poll. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-42108. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.9.8. Affected by this issue is the function lru_add_fn of the component nilfs2. The manipulation leads to use after free. This vulnerability is handled as CVE-2024-42104. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.