8.6
CVE-2025-5866 - RT-Thread lwp_syscall.c sys_sigprocmask array index
A vulnerability classified as critical has been found in RT-Thread 5.1.0. This affects the function sys_sigprocmask of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument how leads to improper validation of array index.
9.3
CVE-2025-5893 - Honding Technology Smart Parking Management System - Exposure of Sensitive Information
Smart Parking Management System from Honding Technology has an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access a specific page and obtain plaintext administrator credentials.
8.6
CVE-2025-5865 - RT-Thread Parameter lwp_syscall.c sys_select memory corruption
A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sys_select of the file rt-thread/components/lwp/lwp_syscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor expla…
6.3
CVE-2025-5864 - Tenda TDSEE App Password Reset Confirmation Code ConfirmSmsCode excessive authentication
A vulnerability was found in Tenda TDSEE App up to 1.7.12. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /app/ConfirmSmsCode of the component Password Reset Confirmation Code Handler. The manipulation leads to improper restriction of exc…
6.1
CVE-2025-4652 - Broadstreet < 1.51.8 - Reflected XSS
The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
4.8
CVE-2025-3582 - Newsletter < 8.8.5 - Admin+ Stored XSS via Form
The Newsletter WordPress plugin before 8.85 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
4.8
CVE-2025-3581 - Newsletter < 8.8.5 - Admin+ Stored XSS via Widget
The Newsletter WordPress plugin before 8.8.5 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_htm…
8.7
CVE-2025-5863 - Tenda AC5 SetRebootTimer formSetRebootTimer stack-based overflow
A vulnerability was found in Tenda AC5 15.03.06.47. It has been classified as critical. Affected is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. It is possible to launch the attack remotely. The…
8.7
CVE-2025-5862 - Tenda AC7 setPptpUserList formSetPPTPUserList buffer overflow
A vulnerability was found in Tenda AC7 15.03.06.44 and classified as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclose…
8.7
CVE-2025-5861 - Tenda AC7 AdvSetLanip fromadvsetlanip buffer overflow
A vulnerability has been found in Tenda AC7 15.03.06.44 and classified as critical. This vulnerability affects the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to buffer overflow. The attack can be initiated remotely. The exploit has been …