7.8
CVE-2025-49180 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and refleβ¦
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
8.7
CVE-2025-6146 - TOTOLINK X15 HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiatβ¦
8.7
CVE-2025-6145 - TOTOLINK EX1200T HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The β¦
8.7
CVE-2025-6144 - TOTOLINK EX1200T HTTP POST Request formSysCmd buffer overflow
A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer oveβ¦
8.7
CVE-2025-6143 - TOTOLINK EX1200T HTTP POST Request formNtp buffer overflow
A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to laβ¦
5.2
CVE-2025-48992 - Group-Office vulnerable to blind XSS
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a stored and blind cross-site scripting (XSS) vulnerability exists in the Name Field of the user profile. A malicious attacker can change their name to a javascript payload, whiβ¦
5.3
CVE-2025-6142 - Intera InHire server-side request forgery
A vulnerability was found in Intera InHire up to 20250530. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument 29chcotoo9 leads to server-side request forgery. The attack can be launched remotely. The exploit has been discloβ¦
4.8
CVE-2025-6141 - GNU ncurses parse_entry.c postprocess_termcap stack-based overflow
A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading toβ¦
4.2
CVE-2025-43200 -
This issue was addressed with improved checks. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iPadOS 16.7.11, iOS 18.3.1 and iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, visionOS 2.3.1, watchOS 11.3.1. A logic issue existed wheβ¦
4.8
CVE-2025-6140 - spdlog pattern_formatter-inl.h scoped_padder resource consumption
A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit hβ¦