5.4
CVE-2025-46041 -
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
6.8
CVE-2025-29627 -
An issue in KeeperChat IOS Application v.5.8.8 allows a physically proximate attacker to escalate privileges via the Biometric Authentication Module
6.1
CVE-2024-46452 -
A Host Header injection vulnerability in the password reset function of VigyBag Open Source Online Shop commit 3f0e21b allows attackers to redirect victim users to a malicious site via a crafted URL.
8.7
CVE-2025-5851 - Tenda AC15 HTTP POST Request AdvSetLanip fromadvsetlanip buffer overflow
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been rated as critical. This issue affects the function fromadvsetlanip of the file /goform/AdvSetLanip of the component HTTP POST Request Handler. The manipulation of the argument lanMask leads to buffer overflow. The attack may be β¦
8.7
CVE-2025-5850 - Tenda AC15 HTTP POST Request SetLEDCf formsetschedled buffer overflow
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been declared as critical. This vulnerability affects the function formsetschedled of the file /goform/SetLEDCf of the component HTTP POST Request Handler. The manipulation of the argument Time leads to buffer overflow. The attack caβ¦
8.7
CVE-2025-5849 - Tenda AC15 HTTP POST Request SetRemoteWebCfg formSetSafeWanWebMan stack-based overflow
A vulnerability was found in Tenda AC15 15.03.05.19_multi. It has been classified as critical. This affects the function formSetSafeWanWebMan of the file /goform/SetRemoteWebCfg of the component HTTP POST Request Handler. The manipulation of the argument remoteIp leads to stack-based buffer overfloβ¦
8.7
CVE-2025-5848 - Tenda AC15 HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow
A vulnerability was found in Tenda AC15 15.03.05.19_multi and classified as critical. Affected by this issue is the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. The manipulation of the argument list leads to buffer overflow. The attackβ¦
7.1
CVE-2025-35010 - Microhard Bullet-LTE and IPn4Gii AT+MNPINGTM Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNPINGTM command that can lead to privilege escalation. This is an instance of CWE-88,Β "Improper Neutralization of Argument Delimiters in a Command ('Argumβ¦
7.1
CVE-2025-35009 - Microhard Bullet-LTE and IPn4Gii AT+MNNETSP Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MNNETSP command that can lead to privilege escalation. This is an instance of CWE-88,Β "Improper Neutralization of Argument Delimiters in a Command ('Argumeβ¦
7.1
CVE-2025-35008 - Microhard Bullet-LTE and IPn4Gii AT+MMNAME Argument Injection
Products that incorporate the Microhard BulletLTE-NA2 and IPn4Gii-NA2 are vulnerable to a post-authentication command injection issue in the AT+MMNAME command that can lead to privilege escalation. This is an instance of CWE-88,Β "Improper Neutralization of Argument Delimiters in a Command ('Argumenβ¦