8.6
CVE-2025-14187 - UGREEN DH2100+ nas_svr create handler_file_backup_create buffer overflow
A weakness has been identified in UGREEN DH2100+ up to 5.3.0.251125. This affects the function handler_file_backup_create of the file /v1/file/backup/create of the component nas_svr. Executing a manipulation of the argument path can lead to buffer overflow. The attack can be executed remotely. The β¦
5.1
CVE-2025-14186 - Grandstream GXP1625 Network Status api.values.post cross site scripting
A security flaw has been discovered in Grandstream GXP1625 1.0.7.4. The impacted element is an unknown function of the file /cgi-bin/api.values.post of the component Network Status Page. Performing manipulation of the argument vpn_ip results in basic cross site scripting. Remote exploitation of theβ¦
5.3
CVE-2025-14185 - Yonyou U8 Cloud AppServletService.class sql injection
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The exploitβ¦
5.3
CVE-2025-14184 - SGAI Space1 NAS N1211DS gsaiagent JSONAPI NGNIX_UPLOAD command injection
A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been pubβ¦
5.3
CVE-2025-14183 - SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploiβ¦
5.3
CVE-2025-14182 - Sobey Media Convergence System upload path traversal
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to theβ¦
8.7
CVE-2025-14141 - UTT θΏε 520W formArpBindConfig strcpy buffer overflow
A flaw has been found in UTT θΏε 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formArpBindConfig. Executing manipulation of the argument pools can lead to buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. Thβ¦
7.1
CVE-2025-14140 - UTT θΏε 520W websHostFilter strcpy buffer overflow
A vulnerability was detected in UTT θΏε 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/websHostFilter. Performing manipulation of the argument addHostFilter results in buffer overflow. The attack is possible to be carried out remotely. The exploit is now public anβ¦
6.9
CVE-2025-14139 - UTT θΏε 520W formConfigDnsFilterGlobal strcpy buffer overflow
A security vulnerability has been detected in UTT θΏε 520W 1.7.7-180627. Impacted is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Such manipulation of the argument timeRangeName leads to buffer overflow. The exploit has been disclosed publicly and may be used. The vendor was coβ¦
8.7
CVE-2025-14136 - Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so stack-based overflow
A security flaw has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argβ¦