This vulnerability allows an attacker to overflow a buffer by manipulating the "page" argument in the HTTP POST request to the fromRouteStatic function on Tenda FH1201 devices with firmware version 1.2.0.14, potentially allowing remote code execution.
This is a critical issue because it can be exploited remotely, meaning an attacker doesn't need physical access to the device to launch the attack, and a public exploit is available, making it easier for malicious actors to take advantage of the vulnerability.
This vulnerability allows an out-of-bounds read in the osrg GoBGP software, specifically in the SplitRTR function, which can be exploited remotely.
This vulnerability is a problem because it could potentially allow an attacker to access sensitive information or disrupt the normal functioning of the GoBGP software, which could have significant consequences for network stability and security.
This vulnerability, found in Tenda FH1201 version 1.2.0.14, allows an attacker to cause a buffer overflow by manipulating the "mit_ssid" argument in the HTTP POST request to the /goform/AdvSetWrlsafeset function, which can be initiated remotely.
This is a critical issue because it can be exploited remotely, meaning an attacker doesn't need direct access to the device to launch the attack. The buffer overflow can potentially allow the attacker to execute arbitrary code, leading to a takeover of the device, which could compromise the security of the entire network.
The CVE-2025-7462 vulnerability is a null pointer dereference issue in Artifex GhostPDL, specifically in the pdf_ferror function, which can be triggered remotely, allowing an attacker to manipulate the system.
This vulnerability is a problem because it can be exploited remotely, potentially leading to system crashes or unauthorized access, which can compromise the security and stability of the affected system.
The Nokri - Job Board WordPress Theme has a vulnerability that allows attackers with Subscriber-level access or higher to take over other users' accounts, including administrators, by changing their email addresses and then resetting their passwords.
This vulnerability is a problem because it enables attackers to gain unauthorized access to sensitive accounts, potentially leading to data breaches, malicious activities, and compromise of the entire WordPress site, especially since administrators have high-level privileges.
This vulnerability allows an attacker to inject malicious SQL code into a website's database by manipulating the "proId" argument in the /action.php file, potentially giving them unauthorized access to sensitive data.
This is a problem because it enables remote attackers to exploit the vulnerability, potentially leading to data breaches, unauthorized data modification, or even complete control of the affected system, which could have severe consequences for the security and integrity of the data.
The WPBookit plugin for WordPress has a vulnerability that allows attackers to upload any type of file to the site's server without proper validation, potentially leading to remote code execution.
This vulnerability is a significant issue because it enables unauthenticated attackers to upload malicious files, which could result in the execution of arbitrary code on the server, compromising the site's security and potentially leading to data breaches or taking control of the site.
The WPBookit plugin for WordPress allows attackers to upload any type of file to a site's server due to a lack of file type validation, potentially leading to the execution of malicious code.
This vulnerability is a problem because it enables authenticated attackers with minimal access (Subscriber-level or higher) to upload harmful files, which could result in remote code execution and give them control over the affected site.
This vulnerability allows an attacker to craft a malicious DNS packet with a highly compressed domain name, causing the resolv library to consume excessive CPU resources when decompressing the name, leading to a Denial of Service (DoS) condition.
This vulnerability is a problem because it can render an application thread unresponsive, making it unable to perform its intended functions, and potentially disrupting critical services that rely on DNS resolution.
This vulnerability involves a hardcoded secret in Ivanti DSM versions before 2024.2, which allows an authenticated attacker on the same network to access and decrypt sensitive data, including user credentials.
This vulnerability is a problem because it enables an attacker to gain unauthorized access to sensitive information, such as user credentials, which could be used for further malicious activities like identity theft, data breaches, or lateral movement within the network.
This vulnerability allows an authenticated administrator to read any file on the system by sending a specially crafted web request to Ivanti Policy Secure versions below 22.6R1.
This is a problem because it gives an attacker with administrative access the ability to read sensitive files, potentially revealing confidential information, disrupting system operations, or exploiting other vulnerabilities.
This vulnerability allows an authenticated user with an enrolled device to bypass Sentry policy restrictions and gain tunnel access to a protected service, even if they are not authorized to access it.
This vulnerability is a problem because it could allow unauthorized access to sensitive services, potentially leading to data breaches or other security incidents, even though the user cannot fully authenticate to or use the service.
This vulnerability allows an unauthenticated attacker to create a buffer overflow in Ivanti Avalanche Manager before version 6.4.1, potentially disrupting the service or executing arbitrary code.
This vulnerability is a problem because it enables an attacker to disrupt the normal functioning of the Ivanti Avalanche Manager or take control of the system by executing malicious code, which could lead to unauthorized access, data breaches, or other security incidents.
No specific vulnerability or exploit information is provided for CVE-2025-53879, as the original description was rejected and no details are available.
The lack of information about this CVE makes it difficult to assess its potential impact or risk, which could lead to uncertainty in securing systems or applications that might be affected.
This CVE does not have a provided description of its effects or impact, as the original reason for rejection was "Not used".
The lack of information about this CVE makes it difficult to assess its potential impact or risk, which could lead to uncertainty in securing systems or applications.
No specific vulnerability or exploit information is provided for CVE-2025-53877, as the original description was rejected and marked as "Not used".
The lack of information regarding this CVE makes it difficult to assess its potential impact or severity, which could lead to uncertainty in terms of security planning and vulnerability management.
No specific vulnerability or exploit information is available for this CVE, as the original description was rejected and no details were provided.
The lack of information about this CVE makes it difficult to assess its potential impact or risk, which could lead to uncertainty and potential security gaps if it were to be exploited.
No information is available for this CVE, as the original description was rejected and no details were provided.
The lack of information makes it difficult to assess the potential impact or risk associated with this CVE.
No specific vulnerability or exploit information is provided for CVE-2025-53874, as the original description was rejected and marked as "Not used".
The lack of information makes it difficult to assess the potential impact or risk associated with this CVE, but in general, unknown or unspecified vulnerabilities can pose a problem if they are later found to have significant security implications.
No specific vulnerability or exploit information is provided for CVE-2025-53873, as the original description indicates it was rejected and not used.
The lack of information about this CVE means that potential risks or impacts cannot be determined, making it unclear what problems it might pose.
No specific vulnerability or exploit information is available for this CVE, as the original description was rejected and not used.
The lack of information about this CVE makes it difficult to assess its potential impact or risk, which can lead to uncertainty and potential security gaps.
No specific vulnerability or exploit is described, as the reason for rejection is listed as "Not used".
This CVE does not present a known security risk or vulnerability, as it was rejected and has a severity of "N/A", indicating no impact.
The CVE-2025-5199 vulnerability in Canonical Multipass on macOS allows a local attacker to modify files that are executed with administrative privileges during system startup, potentially leading to privilege escalation.
This vulnerability is a problem because it enables an attacker with local access to gain elevated privileges, which could be used to compromise the entire system, steal sensitive information, or install malicious software.
This vulnerability allows an attacker to overflow a buffer by manipulating the "mac" argument in the setWiFiAclRules function of the TOTOLINK T6 router's HTTP POST Request Handler, potentially allowing remote code execution.
This vulnerability is a problem because it can be exploited remotely, meaning an attacker doesn't need physical access to the router to launch an attack. The buffer overflow can lead to unauthorized access, data theft, or disruption of the network, making it a critical security threat.
The CVE-2025-53636 vulnerability allows users to flood log files by generating numerous errors through interactions with the shell app in Open OnDemand, an open-source HPC portal, potentially leading to a Denial of Service (DoS) due to excessively large log files.
This vulnerability is a problem because it can cause a denial of service to the ondemand system, rendering it unavailable or disrupting its normal functioning, which can impact productivity and efficiency in high-performance computing environments.
This vulnerability allows an attacker to inject malicious SQL code into the Mobile Shop 1.0 application by manipulating the "ID" argument in the /EditMobile.php file, which can be done remotely.
This is a problem because SQL injection attacks can give an attacker unauthorized access to sensitive data, allowing them to modify, delete, or extract confidential information, potentially leading to data breaches, financial loss, and reputational damage.
This vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Movie Theater Seat Reservation System 1.0 by manipulating the "ID" argument in the /admin/manage_movie.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or delete sensitive data in the system's database, potentially leading to data breaches, system compromise, or disruption of services, which can have serious consequences for the system's users and administrators.
This vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Movie Theater Seat Reservation System by manipulating the "ID" argument in the /reserve.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to access and manipulate sensitive information in the database, which could lead to data breaches, tampering, or even complete system compromise, ultimately putting user data and system security at risk.
The CVE-2025-7455 vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Movie Theater Seat Reservation System 1.0 by manipulating the "mid" argument in the /manage_reserve.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to unauthorized data breaches, modifications, or even deletion of critical information, which can compromise the security and integrity of the reservation system.
This vulnerability allows attackers to access an IP camera's Telnet service using default, undocumented credentials, giving them root-level control and the ability to execute remote code.
This is a problem because it enables unauthorized users to take complete control of the camera, potentially allowing them to spy on individuals, disrupt camera functionality, or use the camera as a launching point for further attacks on the network.
This vulnerability allows an attacker to inject malicious SQL code into the Campcodes Online Movie Theater Seat Reservation System by manipulating the "ID" argument in the /admin/manage_theater.php file, potentially giving them unauthorized access to sensitive data.
This is a problem because it enables remote attackers to access and manipulate sensitive information, potentially leading to data breaches, unauthorized modifications, or even taking control of the system, which could have severe consequences for the security and integrity of the reservation system.
This vulnerability allows an attacker to use a hard-coded password in the JSON Web Token Handler of the saltbo zpan application, potentially due to improper input validation in the NewToken function.
This issue is problematic because it could enable remote attackers to gain unauthorized access to the application by exploiting the hard-coded password, which could lead to sensitive data exposure or other malicious activities.
A vulnerability in IBM MQ 9.3 and 9.4 Client can cause a crash (SIGSEGV) in the AMQRMPPA channel process when connecting to an MQ Queue Manager, resulting in the termination of the process.
This vulnerability is a problem because it can lead to unexpected crashes and disruptions in service, potentially causing data loss, delays, or other issues for applications relying on IBM MQ for messaging and communication.
This vulnerability allows an attacker to overflow a heap buffer in the mvfst system by sending a specially crafted message during a QUIC session, potentially causing the system to crash or execute malicious code.
This vulnerability is a problem because it can be exploited by attackers to disrupt or take control of systems running affected mvfst versions, leading to potential data breaches, system compromises, or other malicious activities.
This vulnerability allows an attacker to inject operating system commands into Linksys E1000, E1200, and E3200 devices through a specific parameter in the apply.cgi script, potentially giving them control over the device.
This vulnerability is a problem because it could allow an attacker to take control of the device, steal sensitive information, or use the device as a launching point for further attacks on the network, posing a significant risk to the security and integrity of the network.
This vulnerability allows an attacker to manipulate the "fileName" argument in the GetFile function of the go-chat application, enabling them to access files outside of the intended directory through a path traversal attack, which can be initiated remotely.
This vulnerability is a problem because it allows unauthorized access to sensitive files and data, potentially leading to data breaches, theft, or other malicious activities, and since the exploit has been publicly disclosed, attackers may already be using it.
The logout function in haxcms-nodejs and haxcms-php, backends for HAXcms, fails to properly end a user's session and clear their cookies when they log out, and instead issues a refresh token.
This vulnerability is a problem because it allows an attacker to potentially reuse a user's session or cookies, gaining unauthorized access to the user's account and sensitive information, even after the user has attempted to log out.
The Postiz AI social media scheduling tool has a vulnerability that allows an attacker to inject arbitrary HTTP headers into the application's middleware pipeline, enabling a server-side request forgery (SSRF) condition that can initiate unauthorized outbound requests from the server.
This vulnerability is a problem because it can be exploited by attackers to make unauthorized requests from the server, potentially leading to data breaches, unauthorized access, or other malicious activities, compromising the security and integrity of the system.
This vulnerability causes a heap-buffer-overflow when loading ExecuTorch methods, which can lead to a runtime crash and potentially allow for code execution or other unwanted effects.
This vulnerability is a problem because it can cause the system to crash and may allow attackers to execute malicious code, potentially giving them control over the system or access to sensitive information.
This vulnerability allows an attacker to manipulate the filename argument in the ResetUserAvatar function, enabling them to traverse the file system and potentially access or modify sensitive files.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate files on the system without needing physical access, which could lead to data breaches, unauthorized file modifications, or other malicious activities.
The CVE-2025-47964 vulnerability allows an attacker to spoof Microsoft Edge (Chromium-based), potentially tricking users into revealing sensitive information or performing unintended actions.
This vulnerability is a problem because it can be used to deceive users, leading to phishing attacks, unauthorized access to personal data, or execution of malicious code, which can compromise the security and integrity of the user's system.
This vulnerability in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network, which means they can trick users into thinking they are communicating with a legitimate website or system when they are actually interacting with the attacker.
This vulnerability is a problem because it can lead to phishing attacks, where attackers can steal sensitive information such as passwords, credit card numbers, or personal data, by making users believe they are providing this information to a trusted source.
This vulnerability allows an attacker to bypass a security feature in Microsoft Edge (Chromium-based) by exploiting improper input validation, which can be done locally by an authorized user.
This vulnerability is a problem because it enables an attacker to potentially access sensitive information or perform unauthorized actions, compromising the security and integrity of the system, even if they are already authorized to some extent.
The CVE-2025-45582 vulnerability in GNU Tar through 1.35 allows an attacker to overwrite files on a system by creating a specially crafted TAR archive that uses directory traversal. This is done in a two-step process where the first archive creates a symlink to a critical directory, and the second archive uses this symlink to overwrite a critical file.
This vulnerability is a problem because it bypasses the protection mechanism that normally prevents directory traversal attacks, allowing an attacker to modify sensitive files on a system. This can be particularly damaging for server applications that automatically extract user-supplied TAR archives, as it could lead to unauthorized access or data tampering.
The CVE-2025-43856 vulnerability allows an attacker to hijack a user's account in the immich photo and video management solution through OAuth2, by exploiting the fact that the "state" parameter is not properly checked, enabling the attacker to link the victim's account to their own OAuth account.
This vulnerability is a problem because it enables an attacker to gain unauthorized access to a user's account, potentially allowing them to access sensitive photos and videos, and take control of the account using their own OAuth credentials, all without the user's knowledge or consent.
The Meshtastic mesh networking solution has a vulnerability that allows an attacker to send traceroute requests to a remote node without any limitations on the response rate, potentially revealing the node's location through signal strength measurements.
This vulnerability is a problem because it compromises the positional confidentiality of the remote node, allowing an attacker to quickly and reliably gather location information, and also enables a reflected Denial of Service (DoS) attack on the network.
This vulnerability allows a local attacker to control a specific register, which can be used to manipulate memory locations and potentially gain elevated privileges by corrupting sensitive areas of memory.
This vulnerability is a problem because it enables an attacker to bypass normal security controls, potentially allowing them to escalate their privileges and gain unauthorized access to sensitive system resources, which could lead to a complete system compromise.
This vulnerability allows a local attacker to manipulate the system by providing a specially crafted pointer, which is then used by the system's flash management functions without being checked, enabling unauthorized access to sensitive system memory.
This vulnerability is a problem because it allows an attacker to read or write arbitrary data to the system's memory, potentially leading to corruption of firmware, theft of sensitive information, or the installation of malicious programs that can persist even after the system is restarted.
This vulnerability allows a local attacker to control where data is read from and written to in a specific area of memory, known as System Management RAM (SMRAM), by manipulating certain variables and registers. This can lead to the ability to write arbitrary data to any location in SMRAM.
This vulnerability is a problem because it could allow an attacker to gain elevated privileges and potentially compromise the firmware of a system, which could lead to a permanent compromise of the system's security and integrity.
This vulnerability allows a local attacker to manipulate a specific register, which can be used to write arbitrary data to System Management RAM (SMRAM), potentially leading to unauthorized access and control of the system's firmware.
This vulnerability is a problem because it can be exploited to escalate privileges to System Management Mode (SMM), allowing an attacker to compromise the system's firmware and maintain persistence, even after the system is restarted. This could lead to a complete takeover of the system, allowing the attacker to execute malicious code, steal sensitive data, or disrupt system operations.
This vulnerability allows an unauthorized attacker to access the Juniper Web Device Manager (J-Web) on Juniper Networks Junos OS on SRX Series devices, even if they are not supposed to have access, by exploiting incorrect authorization settings when Juniper Secure Connect (JSC) is enabled or multiple interfaces are configured for J-Web.
This vulnerability is a problem because it allows attackers to reach the J-Web interface over unintended interfaces, potentially giving them access to sensitive device configuration and management capabilities, which could lead to further exploitation and compromise of the device and the network.
The CVE-2025-52989 vulnerability allows a local, authenticated attacker with high privileges to modify the system configuration of Juniper Networks Junos OS and Junos OS Evolved by exploiting an Improper Neutralization of Delimiters vulnerability in the UI, using a specifically crafted annotate configuration command.
This vulnerability is a problem because it enables an attacker to change any part of the device configuration, potentially disrupting network operations, compromising security, and causing significant harm to the system and its users.
The CVE-2025-52988 vulnerability allows a high-privileged, local attacker to inject malicious OS commands into the CLI of Juniper Networks Junos OS and Junos OS Evolved, potentially escalating their privileges to root. This happens when a user provides specifically crafted arguments to the 'request system logout' command, which are then executed as root on the shell.
This vulnerability is a problem because it can completely compromise the device, giving the attacker full control and access to sensitive information. This can lead to unauthorized changes, data breaches, and disruption of critical network services.
The CVE-2025-52986 vulnerability allows a local, low-privileged user to cause a device to run out of memory, leading to a crash and restart of the routing protocol daemon (rpd) in Juniper Networks Junos OS and Junos OS Evolved. This happens when a user executes certain routing-related 'show' commands while RIB sharding is enabled, causing a memory leak that can be monitored using the CLI command "show task memory detail | match task_shard_mgmt_cookie".
This vulnerability is a problem because it can impact the availability of the device, causing it to crash and restart, which can lead to network disruptions and downtime. A local, low-privileged user can exploit this vulnerability, making it a significant concern for network security.
A vulnerability in Juniper Networks Junos OS Evolved allows an unauthenticated attacker to bypass security restrictions by exploiting a flaw in the Routing Engine firewall, specifically when a firewall filter references a prefix list with more than 10 entries, causing the filter to not match and allowing packets to bypass filtering.
This vulnerability is a problem because it enables an attacker to potentially access or manipulate the device, as packets destined to or from the local device are not properly filtered, which could lead to unauthorized access, data breaches, or disruption of service.
The CVE-2025-52984 vulnerability allows an unauthenticated attacker to crash and restart the routing protocol daemon (rpd) in Juniper Networks Junos OS and Junos OS Evolved by sending a specific gNMI query when a static route points to a "reject" next hop.
This vulnerability is a problem because it can cause the device to become unavailable, disrupting network operations and potentially leading to downtime and loss of service. An attacker can exploit this vulnerability without authentication, making it easily accessible to malicious actors.
The CVE-2025-52983 vulnerability allows an unauthenticated attacker to access a Juniper Networks Junos OS device on VM Host systems, even if the public key for root access has been removed, as long as they possess the corresponding private key.
This vulnerability is a problem because it enables unauthorized access to the device, potentially leading to malicious activities such as data theft, system compromise, or network disruption, which can have severe consequences for the security and integrity of the network.
The CVE-2025-52982 vulnerability allows an unauthenticated attacker to cause a Denial-of-Service (DoS) on Juniper Networks Junos OS on MX Series with MS-MPC by exploiting an improper resource shutdown in the SIP ALG, leading to a crash and restart of the MS-MPC when processing specific SIP call events.
This vulnerability is a problem because it enables attackers to disrupt the service of affected MX Series devices, potentially causing significant downtime and impacting critical communications that rely on these devices.
The CVE-2025-52981 vulnerability allows an unauthenticated attacker to send a specific sequence of PIM packets to Juniper Networks Junos OS devices, causing the flow processing daemon (flowd) to crash and restart, resulting in a Denial-of-Service (DoS).
This vulnerability is a problem because it enables an attacker to disrupt the normal functioning of the affected devices, including SRX1600, SRX2300, SRX 4000 Series, and SRX5000 Series with SPC3, by causing the flowd to crash and restart, potentially leading to network downtime and loss of service.
The CVE-2025-52980 vulnerability allows an unauthenticated attacker to send a specific BGP update over an established BGP session, causing the Routing Protocol Daemon (rpd) in Juniper Networks Junos OS on SRX300 Series to crash and restart.
This vulnerability is a problem because it can lead to a Denial-of-Service (DoS) attack, disrupting network services and causing downtime. An attacker can exploit this vulnerability to intentionally crash the rpd, resulting in a loss of network connectivity and potentially significant disruptions to business operations.
The CVE-2025-52994 vulnerability allows an attacker to inject OS commands into the phpThumb library, specifically through the gif_outputAsJpeg function in phpthumb.gif.php, by providing a crafted parameter value.
This vulnerability is a problem because it enables attackers to execute arbitrary system commands on the affected server, potentially leading to unauthorized access, data breaches, or malicious activities, which can compromise the security and integrity of the system.
The CVE-2025-52964 vulnerability allows an unauthenticated attacker to send a specific BGP UPDATE packet to a Juniper Networks device running Junos OS or Junos OS Evolved, causing the Routing Protocol Daemon (rpd) to crash and restart, leading to a Denial of Service (DoS) condition.
This vulnerability is a problem because it enables an attacker to disrupt the normal functioning of the device, potentially causing network instability, downtime, and loss of services, by continuously sending malicious BGP UPDATE packets to the device.
The CVE-2025-52963 vulnerability allows a local attacker with low privileges to shut down an interface on Juniper Networks Junos OS, leading to a Denial-of-Service, by exploiting an Improper Access Control issue in the User Interface.
This vulnerability is a problem because it enables attackers with limited access to disrupt the network by bringing down interfaces, potentially causing service outages and impacting the availability of critical systems.
The CVE-2025-52958 vulnerability allows an unauthenticated attacker to cause a Denial of Service (DoS) on Juniper Networks Junos OS and Junos OS Evolved devices by exploiting a Reachable Assertion vulnerability in the routing protocol daemon (rpd) during BGP initial session establishment.
This vulnerability is a problem because it can lead to a sustained DoS condition, causing the rpd to crash and restart repeatedly, which can disrupt network services and make devices unavailable.
The CVE-2025-52955 vulnerability causes a memory corruption in the routing protocol daemon (rpd) of Juniper Networks Junos OS when an adjacent unauthenticated attacker sends specific updates to the jflow/sflow modules, leading to an rpd crash and restart.
This vulnerability is a problem because it allows an attacker to cause a sustained Denial of Service (DoS) condition, disrupting the normal functioning of the network and potentially leading to significant downtime and loss of service.
The CVE-2025-52954 vulnerability allows a low-privileged user to gain root privileges on Juniper Networks Junos OS Evolved by exploiting a missing authorization flaw in the internal virtual routing and forwarding (VRF) system, enabling them to execute arbitrary commands and modify the system configuration.
This vulnerability is a problem because it allows any low-privileged user with the ability to send packets over the internal VRF to compromise the entire system, giving them unrestricted access to execute commands and modify the configuration, which can lead to a full system compromise.
The CVE-2025-52953 vulnerability allows an unauthenticated attacker to send a valid BGP UPDATE packet to the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved, causing a BGP session reset and resulting in a Denial of Service (DoS).
This vulnerability is a problem because it enables an attacker to disrupt the normal functioning of the network by continuously sending malicious packets, leading to a sustained Denial of Service (DoS) condition that affects both iBGP and eBGP, as well as IPv4 and IPv6.
The CVE-2025-52952 vulnerability allows an unauthenticated attacker to send a malformed packet to a Juniper Networks Junos OS device on MX Series with certain line cards, causing the device's FPC to crash and restart, leading to a Denial of Service (DoS).
This vulnerability is a problem because it enables an attacker to disrupt the normal functioning of the device, potentially causing network downtime and impacting critical services, by repeatedly sending malformed packets to create a sustained Denial of Service condition.
The CVE-2025-52951 vulnerability allows an attacker to bypass firewall filtering on a Juniper Networks Junos OS interface by sending IPv6 traffic, effectively accepting all packets without any further action.
This vulnerability is a problem because it enables attackers to bypass security controls, potentially leading to unauthorized access to the network, data breaches, or other malicious activities, compromising the security and integrity of the system.
The CVE-2025-52950 vulnerability allows an unauthorized attacker to access and modify sensitive information on a Juniper Networks Security Director appliance through the web interface, due to a lack of proper authorization checks.
This vulnerability is a problem because it enables an attacker to gain access to sensitive data that is outside their authorized level, potentially leading to further attacks and compromising downstream managed devices, which could result in significant security breaches and data losses.
The CVE-2025-52949 vulnerability allows a malicious BGP peer to send a specifically malformed BGP packet to a Juniper Networks Junos OS or Junos OS Evolved device, causing the routing protocol daemon (rpd) to crash and restart, resulting in a Denial of Service (DoS).
This vulnerability is a problem because it can be exploited to create a sustained Denial of Service (DoS) condition, disrupting network services and causing downtime, especially in systems configured for Ethernet Virtual Private Networking (EVPN) signaling. This can lead to significant disruptions and potential financial losses.
This vulnerability allows an attacker to crash and restart a Juniper Networks Junos OS system by sending specific, unknown traffic patterns, exploiting a rare timing issue in the Berkeley Packet Filter (BPF) processing.
This vulnerability is a problem because it can cause a system crash and restart, leading to downtime and potential disruption of network services, especially when packet capturing is enabled.
This vulnerability allows an attacker to crash the Forwarding Engine Board (FEB) on specific Juniper Networks Junos OS devices by manipulating interface connections, leading to a Denial of Service (DoS) when the primary path port of an L2 circuit goes down.
This vulnerability is a problem because it can cause network disruptions and outages, potentially leading to significant downtime and loss of productivity, especially in critical infrastructure or high-availability environments.
This vulnerability, known as CVE-2025-52946, allows an attacker to crash the routing protocol daemon (rpd) in Juniper Networks Junos OS and Junos OS Evolved by sending a specifically malformed BGP update with an AS PATH attribute, resulting in a Denial of Service (DoS) and causing the rpd process to crash and restart.
This vulnerability is a problem because it can be exploited by attackers to cause a sustained Denial of Service (DoS) condition, disrupting network services and causing downtime, especially if the attacker continuously sends malformed BGP updates. This can have significant impacts on network availability and reliability.
This vulnerability allows an attacker who has already gained access to a TOTOLINK N300RB router (with firmware version 8.54) to execute any command on the device's operating system with the highest level of privileges (root), due to a hidden remote support feature that uses a static, unchanging secret.
This is a problem because it gives an attacker complete control over the device, allowing them to modify settings, steal data, or use the device for malicious activities, all without being detected or stopped by the device's security measures.
The CVE-2025-48924 vulnerability is an Uncontrolled Recursion issue in Apache Commons Lang, which can cause the ClassUtils.getClass(...) method to throw a StackOverflowError when given very long inputs.
This vulnerability is a problem because it can lead to an application crashing or stopping unexpectedly when a StackOverflowError occurs, as Errors are typically not handled by applications and libraries, resulting in potential disruptions and downtime.
The CVE-2025-30661 vulnerability allows a local, low-privileged user to install scripts on specific Juniper Networks Junos OS line cards that will be executed as root during system boot, potentially leading to privilege escalation.
This vulnerability is a problem because it enables an attacker with local access to gain complete control of the system by executing malicious scripts with root privileges, compromising the security and integrity of the network.
This vulnerability allows an attacker to inject malicious code into the "user" parameter of the calendar/freebusy.php page in eGroupWare, which can then be executed by the user's browser, potentially stealing sensitive information or taking control of the user's session.
This vulnerability is a problem because it enables attackers to trick users into executing malicious code, which can lead to unauthorized access, data theft, or other malicious activities, all without requiring the attacker to have any authentication or authorization.
This vulnerability allows unauthenticated remote attackers to identify and list users of a web application using the eGroupWare calendar feature, specifically through the calendar/freebusy.php page, by analyzing the server's response.
This vulnerability is a problem because it enables attackers to gather sensitive information about the users of the web application, which can be used for targeted attacks, such as phishing or password cracking, potentially leading to unauthorized access and data breaches.
The CVE-2025-51591 vulnerability allows attackers to exploit a Server-Side Request Forgery (SSRF) in JGM Pandoc version 3.6.4, enabling them to inject a crafted iframe and potentially gain access to the entire infrastructure.
This vulnerability is a problem because it could allow unauthorized access to sensitive areas of the infrastructure, potentially leading to data breaches, lateral movement, and further malicious activities, compromising the security and integrity of the system.
The CVE-2025-53862 flaw in Ansible allows unauthorized access to three API endpoints, which provide detailed and sensitive information without requiring authentication.
This vulnerability is a problem because it enables malicious users to obtain potentially important and confidential data, which could be used for further exploitation or malicious activities.
This vulnerability in Ansible allows sensitive cookies to be transmitted without security flags over non-encrypted channels, making them accessible to unauthorized parties and potentially leading to Man-in-the-Middle (MitM) and Cross-site scripting (XSS) attacks.
This is a problem because it enables attackers to intercept and read sensitive data, potentially allowing them to gain unauthorized access to systems, steal sensitive information, or perform malicious actions.
This vulnerability exposes TGML diagram resources to the wrong control sphere, allowing other authenticated users to access potentially sensitive diagrams that they should not have access to.
This is a problem because it can lead to unauthorized access to sensitive information, potentially compromising confidentiality and data integrity, and may also enable malicious activities such as data theft or tampering.
This vulnerability allows an attacker to trick a server into executing remote code without authentication, by manipulating the host request header and accessing hidden URLs over the network.
This vulnerability is a problem because it enables unauthorized access to the server, potentially leading to malicious code execution, data breaches, and system compromise, which can have severe consequences for the security and integrity of the system.
This vulnerability allows an attacker to escalate their privileges on a server when accessed by a privileged account, either through the console or by exploiting a setup script, potentially giving them higher-level access to the system.
This is a problem because it enables attackers to gain more control over the system than they should, potentially leading to unauthorized data access, modification, or deletion, and could compromise the security and integrity of the server and its data.
This vulnerability allows an attacker to inject code and execute remote commands on a server when accessed through a console, by exploiting the hostname input field.
This is a problem because it enables attackers to gain control of the server and perform malicious actions, potentially leading to data breaches, system compromises, or other security incidents, especially since it can be done by a privileged account.
This vulnerability allows an attacker to potentially discover the root password of a system by reverse-engineering the password generation algorithm, using installation or upgrade artifacts.
This is a problem because if an attacker can obtain the root password, they can gain full access to the system, allowing them to execute malicious actions, steal sensitive data, or disrupt the system's operation.
This vulnerability allows an attacker to execute remote code on a system by creating a malicious folder over the web interface using HTTP, potentially leading to unauthorized access and control.
This is a significant issue because it enables unauthenticated remote code execution, meaning an attacker doesn't need login credentials to exploit the system, and it could result in data breaches, system compromise, and other malicious activities.
The CVE-2025-3933 vulnerability allows an attacker to cause excessive CPU consumption in the Hugging Face Transformers library by exploiting a poorly designed regular expression pattern in the DonutProcessor class, leading to potential service disruptions and resource exhaustion.
This vulnerability is a problem because it can be used to launch a denial-of-service attack, causing the library to consume excessive resources and potentially disrupting document processing tasks that rely on the Donut model, which can lead to service unavailability and other security issues.
The Broken Link Notifier plugin for WordPress has a vulnerability that allows attackers to make unauthorized web requests from the application to any location, potentially accessing or modifying internal services.
This vulnerability is a problem because it enables unauthenticated attackers to query and modify information from internal services, which could lead to sensitive data exposure, disruption of services, or further malicious activities.
The Broken Link Notifier plugin for WordPress has a vulnerability that allows attackers to embed malicious data into CSV files that are exported from the plugin, which can lead to code execution when these files are opened on a local system.
This vulnerability is a problem because it can be exploited by authenticated attackers with Contributor-level access or higher to potentially execute malicious code on a user's local system, which can lead to unauthorized access, data theft, or other harmful activities.
This vulnerability allows an attacker to manipulate SOAP API calls and inject malicious XML external entities, potentially granting unauthorized access to files on the server when accessed through the network using an application account.
This vulnerability is a problem because it could allow attackers to access sensitive files without permission, potentially leading to data breaches, theft of sensitive information, or disruption of service, which can have serious consequences for the security and integrity of the system.
The WPGYM Wordpress Gym Management System plugin has a vulnerability that allows attackers to inject malicious SQL code into the database by exploiting insufficiently escaped user-supplied parameters in several functions, potentially enabling them to extract sensitive information.
This vulnerability is a problem because it allows unauthenticated attackers to access and extract sensitive data from the database, which could include member information, financial data, and other confidential details, posing a significant risk to the security and privacy of the system and its users.
The WoodMart plugin for WordPress has a vulnerability that allows unauthorized access to sensitive information, specifically data from password-protected, private, or draft posts, due to insufficient restrictions in the woodmart_get_posts_by_query() function.
This vulnerability is a problem because it enables attackers to extract confidential data without proper authentication, potentially leading to unauthorized exposure of sensitive information, which could compromise user privacy and security.
The FooGallery WordPress plugin has a vulnerability that allows attackers with Contributor-level access or higher to inject malicious scripts into photo gallery captions, which can then be executed when a user views the affected page.
This vulnerability is a problem because it enables authenticated attackers to inject arbitrary web scripts, potentially leading to unauthorized actions, data theft, or taking control of user sessions, which can compromise the security and integrity of the WordPress site.
The WPC Smart Compare for WooCommerce plugin for WordPress has a vulnerability that allows attackers to inject malicious scripts into pages using a specific shortcode, which can then execute when a user visits the infected page.
This vulnerability is a problem because it enables authenticated attackers with contributor-level access or higher to inject arbitrary web scripts, potentially leading to unauthorized actions, data theft, or other malicious activities on the affected website.
The WP Register Profile With Shortcode plugin for WordPress has a vulnerability that allows attackers with certain access levels to extract sensitive user data, including hashed passwords and usernames, using a specific shortcode.
This vulnerability is a problem because it allows authenticated attackers with Contributor-level access or higher to access sensitive information that could be used for further malicious activities, potentially leading to unauthorized access, data breaches, or other security threats.
The CVE-2025-6716 vulnerability allows attackers to inject malicious scripts into pages of a WordPress website using the Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery plugin, by exploiting insufficient input sanitization and output escaping in the 'upload[1][title]' parameter.
This vulnerability is a problem because it enables authenticated attackers with Author-level access or higher to execute arbitrary web scripts on the website, potentially leading to unauthorized actions, data theft, or malware distribution, whenever a user accesses the injected page.
This vulnerability causes a denial of service when invalid values, such as a specially crafted ICC profile, are passed to the QColorTransferGenericFunction in Qt, leading to a system crash or interruption.
This vulnerability is a problem because it can be exploited to disrupt the normal functioning of systems that rely on Qt, potentially causing significant inconvenience, data loss, or even financial losses, especially if the affected systems are critical to business operations or provide essential services.
The GB Forms DB plugin for WordPress has a vulnerability that allows attackers to execute code on the server remotely, using the gbfdb_talk_to_front() function, which accepts user input and passes it through a function that can execute the input as code.
This vulnerability is a significant problem because it enables unauthenticated attackers to take control of the server, potentially allowing them to inject backdoors, create new administrative user accounts, and perform other malicious actions that can compromise the security and integrity of the WordPress site.