6.9
CVE-2025-1808 - Pixsoft E-Saphira Login Endpoint servlet sql injection
A vulnerability has been found in Pixsoft E-Saphira 1.7.24 and classified as critical. This vulnerability affects unknown code of the file /servlet?act=login&tipo=1 of the component Login Endpoint. The manipulation of the argument txtUsuario leads to sql injection. The attack can be initiated remot…
5.1
CVE-2025-1807 - Eastnets PaymentSafe Edit Manual Reply directRouter.rfc cross site scripting
A vulnerability, which was classified as problematic, was found in Eastnets PaymentSafe 2.5.26.0. This affects an unknown part of the file /directRouter.rfc of the component Edit Manual Reply Handler. The manipulation of the argument Title leads to basic cross site scripting. It is possible to init…
4.7
CVE-2022-49733 - ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, then takes the params_…
5.4
CVE-2025-27579 -
In Bitaxe ESP-Miner before 2.5.0 with AxeOS, one can use an /api/system CSRF attack to update the payout address (aka stratumUser) for a Bitaxe Bitcoin miner, or change the frequency and voltage settings.
4
CVE-2025-25724 - libarchive: Buffer Overflow vulnerability in libarchive
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo…
5.3
CVE-2025-1806 - Eastnets PaymentSafe URL Default.aspx improper authorization
A vulnerability, which was classified as problematic, has been found in Eastnets PaymentSafe 2.5.26.0. Affected by this issue is some unknown functionality of the file /Default.aspx of the component URL Handler. The manipulation leads to improper authorization. The attack may be launched remotely. …
7.3
CVE-2025-1804 - Blizzard Battle.Net profapi.dll uncontrolled search path
A vulnerability was found in Blizzard Battle.Net up to 2.39.0.15212 on Windows and classified as critical. Affected by this issue is some unknown functionality in the library profapi.dll. The manipulation leads to uncontrolled search path. The attack needs to be approached locally. The complexity o…
5.3
CVE-2025-1800 - D-Link DAR-7000 HTTP POST Request sxh_vpnlic.php get_ip_addr_details command injection
A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function get_ip_addr_details of the file /view/vpn/sxh_vpn/sxh_vpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection.…
5.3
CVE-2025-1799 - Zorlan SkyCaiji Tool.php previewAction server-side request forgery
A vulnerability, which was classified as critical, was found in Zorlan SkyCaiji 2.9. This affects the function previewAction of the file vendor/skycaiji/app/admin/controller/Tool.php. The manipulation of the argument data leads to server-side request forgery. It is possible to initiate the attack r…
5.3
CVE-2025-1797 - Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System anyUserB…
A vulnerability, which was classified as critical, has been found in Hunan Zhonghe Baiyi Information Technology Baiyiyun Asset Management and Operations System up to 20250217. Affected by this issue is some unknown functionality of the file /wuser/anyUserBoundHouse.php. The manipulation of the argu…