Submit #522380: opensolon https://github.com/opensolon/solon <=3.1.0 Path Traversal: '../filedir' [Accepted]
Submit #522380 / VDB-302014
Aggregator
CVE-2025-2959 | TRENDnet TEW-410APB 1.3.06b HTTP Request /usr/sbin/httpd sub_4019A0 null pointer dereference
11 months 2 weeks ago
A vulnerability was found in TRENDnet TEW-410APB 1.3.06b. It has been rated as problematic. Affected by this issue is the function sub_4019A0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference.
This vulnerability is handled as CVE-2025-2959. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2958 | TRENDnet TEW-818DRU 1.0.14.6 HTTP Request /usr/sbin/httpd denial of service
11 months 2 weeks ago
A vulnerability was found in TRENDnet TEW-818DRU 1.0.14.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to denial of service.
This vulnerability is known as CVE-2025-2958. The attack needs to be done within the local network. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2957 | TRENDnet TEW-411BRP+ 2.07 HTTP Request /usr/sbin/httpd sub_401DB0 null pointer dereference
11 months 2 weeks ago
A vulnerability was found in TRENDnet TEW-411BRP+ 2.07. It has been classified as problematic. Affected is the function sub_401DB0 of the file /usr/sbin/httpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference.
This vulnerability is traded as CVE-2025-2957. The attack can only be initiated within the local network. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2956 | TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ HTTP Request /usr/sbin/lighttpd plugins_call_handle_uri_raw null pointer dereference
11 months 2 weeks ago
A vulnerability was found in TRENDnet TI-G102i 1.0.7.S0_ /1.0.8.S0_ and classified as problematic. This issue affects the function plugins_call_handle_uri_raw of the file /usr/sbin/lighttpd of the component HTTP Request Handler. The manipulation leads to null pointer dereference.
The identification of this vulnerability is CVE-2025-2956. The attack can only be done within the local network. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2011-4043 | Arcinfo PcVue 6.0/8.2/9.0/10.0 ActiveX Control SVUIGrd.ocx integer numeric error (EDB-17896)
11 months 2 weeks ago
A vulnerability classified as very critical was found in Arcinfo PcVue 6.0/8.2/9.0/10.0. This vulnerability affects unknown code of the file SVUIGrd.ocx of the component ActiveX Control. The manipulation of the argument integer leads to numeric error.
This vulnerability was named CVE-2011-4043. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #521727: TRENDnet wi-fi access point TEW_637AP_V2_FW1.3.0.106/FW_TEW_638APB_V2_1.2.7 NULL Pointer Dereference [Accepted]
11 months 2 weeks ago
Submit #521727 / VDB-302013
zhongwei gu
Submit #521725: TRENDnet wi-fi access point firmware_tew_410apbplus_1.3.06b NULL Pointer Dereference [Accepted]
11 months 2 weeks ago
Submit #521725 / VDB-302012
zhongwei gu
Submit #521723: TRENDnet Router TEW-818DRU_v1_1.0.14.6_ Denial of Service [Accepted]
11 months 2 weeks ago
Submit #521723 / VDB-302011
zhongwei gu
Submit #521719: TRENDnet Router TEW-411BRP+ firmware 2.07 NULL Pointer Dereference [Accepted]
11 months 2 weeks ago
Submit #521719 / VDB-302010
zhongwei gu
Submit #521717: TRENDnet Router FW_TI_G102i_v1_1.0.8.S0_/FW_TI_G642i_v1_1.0.7.S0_ NULL Pointer Dereference [Accepted]
11 months 2 weeks ago
Submit #521717 / VDB-302009
zhongwei gu
CVE-2025-2955 | TOTOLINK A3000RU up to 5.9c.5185 IBMS Configuration File ExportIbmsConfig.sh access control
11 months 2 weeks ago
A vulnerability has been found in TOTOLINK A3000RU up to 5.9c.5185 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/ExportIbmsConfig.sh of the component IBMS Configuration File Handler. The manipulation leads to improper access controls.
This vulnerability was named CVE-2025-2955. The attack can be initiated remotely. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
vuldb.com
CVE-2025-2954 | mannaandpoem OpenManus up to 2025.3.13 File app/tool/file_saver.py execute access control
11 months 2 weeks ago
A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/file_saver.py of the component File Handler. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2025-2954. Local access is required to approach this attack. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #521567: TOTOLINK A3000RU A3000RU_Firmware V5.9c.5185 Improper Access Controls [Accepted]
11 months 2 weeks ago
Submit #521567 / VDB-302008
yhryhryhr_miemie
CVE-2025-2953 | PyTorch 2.6.0+cu124 torch.mkldnn_max_pool2d denial of service (Issue 149274)
11 months 2 weeks ago
A vulnerability, which was classified as problematic, has been found in PyTorch 2.6.0+cu124. Affected by this issue is the function torch.mkldnn_max_pool2d. The manipulation leads to denial of service.
This vulnerability is handled as CVE-2025-2953. An attack has to be approached locally. Furthermore, there is an exploit available.
vuldb.com
Submit #521545: OpenManus 2025.3.13 Arbitrary File Writing [Accepted]
11 months 2 weeks ago
Submit #521545 / VDB-302007
s0l42
CVE-2025-2952 | Bluestar Micro Mall 1.0 api.php?mod=upload&type=1 File unrestricted upload
11 months 2 weeks ago
A vulnerability classified as critical was found in Bluestar Micro Mall 1.0. Affected by this vulnerability is an unknown functionality of the file /api/api.php?mod=upload&type=1. The manipulation of the argument File leads to unrestricted upload.
This vulnerability is known as CVE-2025-2952. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2951 | Bluestar Micro Mall 1.0 /api/data.php Search sql injection
11 months 2 weeks ago
A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection.
This vulnerability is traded as CVE-2025-2951. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2015-7571 | Yaeger CMS 1.2.1 File Upload unrestricted upload (EDB-39436)
11 months 2 weeks ago
A vulnerability was found in Yaeger CMS 1.2.1. It has been classified as critical. This affects an unknown part of the component File Upload. The manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2015-7571. Local access is required to approach this attack. Furthermore, there is an exploit available.
vuldb.com
Submit #521279: pytorch PyTorch version: 2.6.0+cu124 Floating point exception [Accepted]
11 months 2 weeks ago
Submit #521279 / VDB-302006
Default436352