5.3
CVE-2025-7415 - Tenda O3V2 httpd getTraceroute fromTraceroutGet command injection
A vulnerability, which was classified as critical, has been found in Tenda O3V2 1.0.0.12(3880). This issue affects the function fromTraceroutGet of the file /goform/getTraceroute of the component httpd. The manipulation of the argument dest leads to command injection. The attack may be initiated re…
5.1
CVE-2025-4662 - Plaintext security passwords are logged in the audit logs while executing openssl cmd
Brocade SANnav before SANnav 2.4.0a logs plaintext passphrases in the Brocade SANnav host server audit logs while executing OpenSSL command using a passphrase from the command line or while providing the passphrase through a temporary file. These audit logs are the local server VM’s audit logs and…
5.3
CVE-2025-7414 - Tenda O3V2 httpd setPingInfo fromNetToolGet os command injection
A vulnerability classified as critical was found in Tenda O3V2 1.0.0.12(3880). This vulnerability affects the function fromNetToolGet of the file /goform/setPingInfo of the component httpd. The manipulation of the argument domain leads to os command injection. The attack can be initiated remotely. …
8.2
CVE-2025-3947 - Integer underflow during processing of short network packets in CDA FTEB responder
The Honeywell Experion PKS contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in improper integer data value checking during subtraction leadin…
8.2
CVE-2025-3946 - Incorrect response generation during FTEB protocol processing
The Honeywell Experion PKS and OneWireless WDM contains a Deployment of Wrong Handler vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to Input Data Manipulation, which could result in incorrect handling of pac…
9.4
CVE-2025-2523 - Lack of buffer clearing before reuse may result in incorrect system behavior.
The Honeywell Experion PKS and OneWireless WDM contains an Integer Underflow vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in a failure during subtracti…
6.5
CVE-2025-2522 - Lack of buffer clearing before reuse may result in incorrect system behavior.
The Honeywell Experion PKS and OneWireless WDM contains Sensitive Information in Resource vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which could result in buffer reuse which …
8.6
CVE-2025-2521 - Lack of indexes’ validation against buffer borders leads to remote code execution.
The Honeywell Experion PKS and OneWireless WDM contains a Memory Buffer vulnerability in the component Control Data Access (CDA). An attacker could potentially exploit this vulnerability, leading to an Overread Buffers, which could result in improper index validation against buffer borders leading …
5.3
CVE-2025-7413 - code-projects Library System profile.php unrestricted upload
A vulnerability classified as critical has been found in code-projects Library System 1.0. This affects an unknown part of the file /user/teacher/profile.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been di…
7.5
CVE-2025-2520 - Dereferencing of an uninitialized pointer leads to denial of service.
The Honeywell Experion PKS contains an Uninitialized Variable in the common Epic Platform Analyzer (EPA) communications. An attacker could potentially exploit this vulnerability, leading to a Communication Channel Manipulation, which results in a dereferencing of an uninitialized pointer leading to…