Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection.

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

A buffer overflow in the formSetCfm() function of Tenda AC1206 1200M 11ac US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.

A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets.

Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF.

An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file

string-math v1.2.2 was discovered to contain a Regex Denial of Service (ReDoS) which is exploited via a crafted input.

Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes.

Several services in Honor Device Co., Ltd Honor PC Manager v16.0.0.118 was discovered to connect services to the named pipe iMateBookAssistant with default or overly permissive security attributes, leading to a privilege escalation.

No description is available for this CVE.