5.3
CVE-2025-5967 -
A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data.
8.7
CVE-2025-6940 - TOTOLINK A702R HTTP POST Request formParentControl buffer overflow
A vulnerability classified as critical was found in TOTOLINK A702R 4.0.0-B20230721.1521. Affected by this vulnerability is an unknown functionality of the file /boafrm/formParentControl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow.…
8.1
CVE-2024-49364 - tiny-secp256k1 vulnerable to private key extraction when signing a malicious JSON-stringifyable mes…
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuf…
8.1
CVE-2024-49365 - tiny-secp256k1 allows for verify() bypass when running in bundled environment
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifyable message can be made passing on verify(), when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. Buffer.isBuffer check can…
8.7
CVE-2025-6939 - TOTOLINK A3002RU HTTP POST Request formWlSiteSurvey buffer overflow
A vulnerability classified as critical has been found in TOTOLINK A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formWlSiteSurvey of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to la…
4.4
CVE-2024-46993 - Electron Vulnerable to Heap Buffer Overflow in NativeImage::CreateFromPath
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. In versions prior to 28.3.2, 29.3.3, and 30.0.3, the nativeImage.createFromPath() and nativeImage.createFromBuffer() functions call a function downstream that is vulnerable to a heap…
7.8
CVE-2024-46992 - Electron ASAR Integrity bypass by just modifying the content
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the emb…
9.7
CVE-2025-53095 - Sunshine application-wide CSRF in the UI leads to command injection as Administrator
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Cross-Site Request Forgery (CSRF) attacks. This vulnerability allows an attacker to craft a malicious web page that, when visited by an authenticated user, can t…
5.4
CVE-2025-53096 - Sunshine clickjacking in the UI leads to unauthorized actions being performed
Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.628.4510, the web UI of Sunshine lacks protection against Clickjacking attacks. This vulnerability allows an attacker to embed the Sunshine interface within a malicious website using an invisible or disguised iframe. If…
6.9
CVE-2025-6938 - code-projects Simple Pizza Ordering System editcus.php sql injection
A vulnerability was found in code-projects Simple Pizza Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /editcus.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been dis…