8.7
CVE-2025-6568 - TOTOLINK EX1200T HTTP POST Request formIpv6Setup buffer overflow
A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formIpv6Setup of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to lauβ¦
6.9
CVE-2025-6567 - Campcodes Online Recruitment Management System view_application.php sql injection
A vulnerability was found in Campcodes Online Recruitment Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file Recruitment/admin/view_application.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remoβ¦
7
CVE-2025-36537 - Incorrect Permission Assignment for Critical Resource in TeamViewer Remote Management
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior Version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges via leveraging the MSI rollback mechanism. The vulβ¦
6.9
CVE-2025-6566 - oatpp Oat++ Deserializer.cpp deserializeArray stack-based overflow
A vulnerability was found in oatpp Oat++ up to 1.3.1. It has been declared as critical. This vulnerability affects the function deserializeArray of the file src/oatpp/json/Deserializer.cpp. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has β¦
8.7
CVE-2025-6565 - Netgear WNCE3001 HTTP POST Request http_d stack-based overflow
A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exβ¦
8.1
CVE-2025-6436 - Memory safety bugs fixed in Firefox 140 and Thunderbird 140
Memory safety bugs present in Firefox 139 and Thunderbird 139. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 140 and Thunderbird 140.
8.1
CVE-2025-6435 - Save as in Devtools could download files without sanitizing the extension
If a user saved a response from the Network tab in Devtools using the Save As context menu option, that file may not have been saved with the `.download` file extension. This could have led to the user inadvertently running a malicious executable. This vulnerability was fixed in Firefox 140 and Thuβ¦
4.3
CVE-2025-6434 - HTTPS-Only exception screen lacked anti-clickjacking delay
The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an exception and loading a webpage over HTTP. This vulnerability was fixed in Firefox 140 and Thunderbird 140.
9.8
CVE-2025-6433 - WebAuthn would allow a user to sign a challenge on a webpage with an invalid TLS certificate
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vuβ¦
6.5
CVE-2025-6431 - The prompt in Firefox for Android that asks before opening a link in an external application could β¦
When a link can be opened in an external application, Firefox for Android will, by default, prompt the user before doing so. An attacker could have bypassed this prompt, potentially exposing the user to security vulnerabilities or privacy leaks in external applications. *This bug only affects Fireβ¦