5.3
CVE-2025-7048 - On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can β¦
On affected platforms running Arista EOS with MACsec configuration, a specially crafted packet can cause the MACsec process to terminate unexpectedly. Continuous receipt of these packets with certain MACsec configurations can cause longer term disruption of dataplane traffic.
6.1
CVE-2026-21491 - iccDEV has unicode buffer overflow in CIccTagTextDescription
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It rβ¦
6.1
CVE-2026-21490 - iccDEV has heap buffer overflow in CIccTagLut16::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It rβ¦
5.3
CVE-2026-0641 - TOTOLINK WA300 cstecgi.cgi sub_401510 command injection
A security vulnerability has been detected in TOTOLINK WA300 5.2cu.7112_B20190227. This vulnerability affects the function sub_401510 of the file cstecgi.cgi. The manipulation of the argument UPLOAD_FILENAME leads to command injection. The attack may be initiated remotely. The exploit has been discβ¦
6.1
CVE-2026-21494 - iccDEV has heap buffer overflow in CIccTagLut8::Validate()
iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. A vulnerability present in versions prior to 2.3.1.2 affects users of the iccDEV library who process ICC color profiles. It rβ¦
5.1
CVE-2025-15382 - Client SCP Request Triggers Buffer Overread by 1 Byte
A heap buffer over-read vulnerability exists in the wolfSSH_CleanPath() function in wolfSSH. An authenticated remote attacker can trigger the issue via crafted SCP path input containing '/./' sequences, resulting in a heap over read by 1 byte.
8.1
CVE-2025-32304 - WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mojoomla WPCHURCH allows PHP Local File Inclusion.This issue affects WPCHURCH: from n/a through 2.7.0.
9.4
CVE-2025-14942 - Authentication Bypass
wolfSSHβs key exchange state machine can be manipulated to leak the clientβs password in the clear, trick the client to send a bogus signature, or trick the client into skipping user authentication. This affects client applications with wolfSSH version 1.4.21 and earlier. Users of wolfSSH must updaβ¦
9.8
CVE-2025-39477 - WordPress InWave Jobs Plugin <= 3.5.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in Sfwebservice InWave Jobs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InWave Jobs: from n/a through 3.5.8.
6.5
CVE-2024-31088 - WordPress AdsPlace'r β Ad Manager, Inserter, AdSense Ads plugin <= 1.1.5 - Cross Site Scripting (XSβ¦
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPShop.Ru AdsPlace'r β Ad Manager, Inserter, AdSense Ads allows DOM-Based XSS.This issue affects AdsPlace'r β Ad Manager, Inserter, AdSense Ads: from n/a through 1.1.5.