8.7
CVE-2025-5901 - TOTOLINK T10 POST Request cstecgi.cgi UploadCustomModule buffer overflow
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5207 and classified as critical. This vulnerability affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument File leads to buffer overflow. The attack can b…
8.7
CVE-2025-30183 - CyberData 011209 SIP Emergency Intercom Insufficiently Protected Credentials
CyberData 011209 Intercom does not properly store or protect web server admin credentials.
6.9
CVE-2025-30507 - CyberData 011209 SIP Emergency Intercom SQL Injection
CyberData 011209 Intercom could allow an unauthenticated user to gather sensitive information through blind SQL injections.
8.7
CVE-2025-26468 - CyberData 011209 SIP Emergency Intercom Missing Authentication for Critical Function
CyberData 011209 Intercom exposes features that could allow an unauthenticated user to gain access and cause a denial-of-service condition or system disruption.
9.3
CVE-2025-30184 - CyberData 011209 SIP Emergency Intercom Authentication Bypass Using an Alternate Path or Channel
CyberData 011209 Intercom could allow an unauthenticated user access to the Web Interface through an alternate path.
5.3
CVE-2025-5900 - Tenda AC9 cross-site request forgery
A vulnerability, which was classified as problematic, was found in Tenda AC9 15.03.02.13. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
4.8
CVE-2025-5899 - GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap
A vulnerability classified as critical was found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected by this vulnerability is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to free of memory not on the heap. An attack has to be approached…
4.8
CVE-2025-5898 - GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write
A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has…
7.5
CVE-2025-49140 - Pion Interceptor's improper RTP padding handling allows remote crash for SFU users (DoS)
Pion Interceptor is a framework for building RTP/RTCP communication software. Versions v0.1.36 through v0.1.38 contain a bug in an RTP packet factory that can be exploited to trigger a panic with Pion-based SFU via crafted RTP packets. This only affects users that use pion/interceptor. Users should u…
8.6
CVE-2025-49141 - HaxCMS-PHP Command Injection Vulnerability
HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.3, the `gitImportSite` functionality obtains a URL string from a POST request and insufficiently validates user input. The `set_remote` function later passes this input into `proc_open`, yielding O…