6.9
CVE-2025-4734 - Campcodes Sales and Inventory System ci_update.php SQL injection
A vulnerability, which was classified as critical, was found in Campcodes Sales and Inventory System 1.0. Affected is an unknown function of the file /pages/ci_update.php. The manipulation of the argument id/name leads to SQL injection. It is possible to launch the attack remotely. The exploit has …
5.4
CVE-2024-51475 - IBM Content Navigator HTML injection
IBM Content Navigator 3.0.11, 3.0.15, and 3.1.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
8.7
CVE-2025-4733 - TOTOLINK A3002R/A3002RU HTTP POST Request formIpQoS buffer overflow
A vulnerability, which was classified as critical, has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This issue affects some unknown processing of the file /boafrm/formIpQoS of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. …
8.7
CVE-2025-4732 - TOTOLINK A3002R/A3002RU HTTP POST Request formFilter buffer overflow
A vulnerability classified as critical was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This vulnerability affects unknown code of the file /boafrm/formFilter of the component HTTP POST Request Handler. The manipulation of the argument ip6addr leads to buffer overflow. The attack can …
8.7
CVE-2025-4731 - TOTOLINK A3002R/A3002RU HTTP POST Request formPortFw buffer overflow
A vulnerability classified as critical has been found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formPortFw of the component HTTP POST Request Handler. The manipulation of the argument service_type/ip_subnet leads to buffer overflow. It is …
8.7
CVE-2025-4730 - TOTOLINK A3002R/A3002RU HTTP POST Request formMapDel buffer overflow
A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMapDel of the component HTTP POST Request Handler. The manipulation of the argument devicemac1 leads to buffer o…
4.5
CVE-2025-48175 -
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes.
7.8
CVE-2025-4802 - glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions …
5.9
CVE-2025-32407 -
Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identit…
6.5
CVE-2024-40120 -
seaweedfs v3.68 was discovered to contain a SQL injection vulnerability via the component /abstract_sql/abstract_sql_store.go.