9.3
CVE-2025-40621 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ paramete…
9.3
CVE-2025-40620 - Multiple vulnerabilities in TCMAN's GIM
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’ paramete…
8.7
CVE-2025-4347 - D-Link DIR-600L formWlSiteSurvey buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been declared as critical. Affected by this vulnerability is the function formWlSiteSurvey. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. This vulnerability only affects product…
8.7
CVE-2025-4346 - D-Link DIR-600L formSetWAN_Wizard534 buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01. It has been classified as critical. Affected is the function formSetWAN_Wizard534. The manipulation of the argument host leads to buffer overflow. It is possible to launch the attack remotely. This vulnerability only affects products that …
8.7
CVE-2025-4345 - D-Link DIR-600L formSetLog buffer overflow
A vulnerability was found in D-Link DIR-600L up to 2.07B01 and classified as critical. This issue affects the function formSetLog. The manipulation of the argument host leads to buffer overflow. The attack may be initiated remotely. This vulnerability only affects products that are no longer suppor…
8.7
CVE-2025-4344 - D-Link DIR-600L formLogin buffer overflow
A vulnerability, which was classified as critical, was found in D-Link DIR-600L up to 2.07B01. This affects the function formLogin. The manipulation of the argument host leads to buffer overflow. It is possible to initiate the attack remotely. This vulnerability only affects products that are no lo…
6.4
CVE-2025-3782 - Cision Block <= 4.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and abo…
7.5
CVE-2025-2011 - Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection via 's' Parameter
The Slider & Popup Builder by Depicter plugin for WordPress is vulnerable to generic SQL Injection via the ‘s' parameter in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes …
7.1
CVE-2025-46762 - Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro m…
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be execu…
3.3
CVE-2025-25052 - arkcompiler_ets_runtime has a buffer overflow vulnerability
in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow.