9.3
CVE-2025-40620 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifierย โUserโ parameteโฆ
8.7
CVE-2025-4347 - D-Link DIR-600L formWlSiteSurvey buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects productโฆ
8.7
CVE-2025-4346 - D-Link DIR-600L formSetWAN_Wizard534 buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only affects products that โฆ
8.7
CVE-2025-4345 - D-Link DIR-600L formSetLog buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability only affects products that are no longer supporโฆ
8.7
CVE-2025-4344 - D-Link DIR-600L formLogin buffer overflow
A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects products that are no loโฆ
6.4
CVE-2025-3782 - Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โidโ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and aboโฆ
7.5
CVE-2025-2011 - Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the โs' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes โฆ
7.1
CVE-2025-46762 - Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro mโฆ
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be execuโฆ
3.3
CVE-2025-25052 - arkcompiler_ets_runtime has a buffer overflow vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.
3.3
CVE-2025-27241 - multimedia_av_codec has a NULL pointer dereference vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference.