8.7
CVE-2025-3989 - TOTOLINK N150RT formStaticDHCP buffer overflow
A vulnerability classified as critical was found in TOTOLINK N150RT 3.4.0-B20190525. Affected by this vulnerability is an unknown functionality of the file /boafrm/formStaticDHCP. The manipulation of the argument Hostname leads to buffer overflow. The attack can be launched remotely. The exploit haβ¦
8.7
CVE-2025-3988 - TOTOLINK N150RT formPortFw buffer overflow
A vulnerability classified as critical has been found in TOTOLINK N150RT 3.4.0-B20190525. Affected is an unknown function of the file /boafrm/formPortFw. The manipulation of the argument service_type leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been discloβ¦
5.3
CVE-2025-3987 - TOTOLINK N150RT formWsc command injection
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument localPin leads to command injection. The attack may be initiated remotely. The exploit has been disclβ¦
5.3
CVE-2025-3986 - Apereo CAS CasConfigurationMetadataServerController.java redos
A vulnerability was found in Apereo CAS 5.2.6. It has been declared as problematic. This vulnerability affects unknown code of the file cas-5.2.6\core\cas-server-core-configuration-metadata-repository\src\main\java\org\apereo\cas\metadata\rest\CasConfigurationMetadataServerController.java. The maniβ¦
5.1
CVE-2025-3985 - Apereo CAS ResponseEntity redos
A vulnerability was found in Apereo CAS 5.2.6. It has been classified as problematic. This affects the function ResponseEntity of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\ManageRegisteredServicesMultiActionController.java. The manipβ¦
2.3
CVE-2025-3984 - Apereo CAS Groovy Code RegisteredServiceSimpleFormController.java saveService code injection
A vulnerability was found in Apereo CAS 5.2.6 and classified as critical. Affected by this issue is the function saveService of the file cas-5.2.6\webapp-mgmt\cas-management-webapp-support\src\main\java\org\apereo\cas\mgmt\services\web\RegisteredServiceSimpleFormController.java of the component Groβ¦
5.1
CVE-2025-3983 - AMTT Hotel Broadband Operation System nlog_down.php command injection
A vulnerability has been found in AMTT Hotel Broadband Operation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manager/system/nlog_down.php. The manipulation of the argument ProtocolType leads to command injection. The attack can be lβ¦
2.4
CVE-2025-2866 - PDF signature forgery with adbe.pkcs7.sha1 SubFilter
Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation. In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid Tβ¦
5.3
CVE-2025-3982 - nortikin Sverchok Set Property Mk2 Node getsetprop_mk2.py SvSetPropNodeMK2 prototype pollution
A vulnerability, which was classified as problematic, was found in nortikin Sverchok 1.3.0. Affected is the function SvSetPropNodeMK2 of the file sverchok/nodes/object_nodes/getsetprop_mk2.py of the component Set Property Mk2 Node. The manipulation leads to improperly controlled modification of objβ¦
5.3
CVE-2025-3981 - wowjoy ζ΅ζ±ζΉε·εεδΏ‘ζ―η§ζζιε ¬εΈ Internet Doctor Workstation System details improper authorization
A vulnerability, which was classified as problematic, has been found in wowjoy ζ΅ζ±ζΉε·εεδΏ‘ζ―η§ζζιε ¬εΈ Internet Doctor Workstation System 1.0. This issue affects some unknown processing of the file /v1/prescription/details/. The manipulation leads to improper authorization. The attack may be initiated remotβ¦