Total
309354 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-9392 | 1 Linksys | 12 Re6250, Re6250 Firmware, Re6300 and 9 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This affects the function qosClassifier of the file /goform/qosClassifier. Such manipulation of the argument dir/sFromPort/sToPort/dFromPort/dToPort/protocol/layer7/dscp/remark_dscp leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-24157 | 1 Sir | 1 Gnuboard | 2025-09-02 | N/A | 6.1 MEDIUM |
| Gnuboard g6 / https://github.com/gnuboard/g6 commit c2cc1f5069e00491ea48618d957332d90f6d40e4 is vulnerable to Cross Site Scripting (XSS) via board.py. | |||||
| CVE-2025-9393 | 1 Linksys | 10 Re6250, Re6250 Firmware, Re6300 and 7 more | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function addStaProfile of the file /goform/addStaProfile. Performing manipulation of the argument profile_name/Ssid/wep_key_1/wep_key_2/wep_key_3/wep_key_4/wep_key_length/wep_default_key/cipher/passphrase results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-9405 | 1 Open5gs | 1 Open5gs | 2025-09-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. The patch is identified as 8e5fed16114f2f5e40bee1b161914b592b2b7b8f. Applying a patch is advised to resolve this issue. | |||||
| CVE-2025-29514 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 9.8 CRITICAL |
| Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request. | |||||
| CVE-2025-29515 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 9.8 CRITICAL |
| Incorrect access control in the DELT_file.xgi endpoint of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to modify arbitrary settings within the device's XML database, including the administrator’s password. | |||||
| CVE-2025-29516 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 7.2 HIGH |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the backup function. | |||||
| CVE-2025-29517 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 6.8 MEDIUM |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the traceroute6 function. | |||||
| CVE-2025-29519 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 5.3 MEDIUM |
| A command injection vulnerability in the EXE parameter of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to execute arbitrary commands via supplying a crafted GET request. | |||||
| CVE-2025-29520 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 5.3 MEDIUM |
| Incorrect access control in the Maintenance module of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows authenticated attackers with low-level privileges to arbitrarily change the high-privileged account passwords and escalate privileges. | |||||
| CVE-2025-29521 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 5.3 MEDIUM |
| Insecure default credentials for the Adminsitrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to escalate privileges via a bruteforce attack. | |||||
| CVE-2025-29522 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2025-09-02 | N/A | 6.5 MEDIUM |
| D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping function. | |||||
| CVE-2025-56212 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter. | |||||
| CVE-2025-56214 | 1 Phpgurukul | 1 Hospital Management System | 2025-09-02 | N/A | 9.8 CRITICAL |
| phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter. | |||||
| CVE-2025-9434 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-02 | 5.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was determined in 1000projects Online Project Report Submission and Evaluation System 1.0. This affects an unknown function of the file /admin/edit_title.php?id=1. Executing manipulation of the argument desc can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-9438 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-02 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security flaw has been discovered in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected is an unknown function of the file /admin/add_student.php. The manipulation of the argument address results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-9439 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-02 | 5.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this vulnerability is an unknown functionality of the file /rse/admin/edit_faculty.php?id=2. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. | |||||
| CVE-2025-9440 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-02 | 5.0 MEDIUM | 4.3 MEDIUM |
| A security vulnerability has been detected in 1000projects Online Project Report Submission and Evaluation System 1.0. Affected by this issue is some unknown functionality of the file /admin/add_title.php. Such manipulation of the argument Title leads to cross site scripting. The attack may be performed from a remote location. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-9443 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2025-09-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda CH22 1.0.0.1. This vulnerability affects the function formeditUserName of the file /goform/editUserName. Executing manipulation of the argument new_account can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2025-9444 | 1 1000projects | 1 Online Student Project Report Submission And Evaluation System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in 1000projects Online Project Report Submission and Evaluation System 1.0. This issue affects some unknown processing of the file /admin/controller/delete_group_student.php. The manipulation of the argument batch_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||