Aggregator

CVE-2025-5633 | code-projects/anirbandutta9 Content Management System/News-Buzz 1.0 /admin/users.php delete sql injection

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/users.php. The manipulation of the argument delete leads to sql injection. This vulnerability is handled as CVE-2025-5633. The attack may be launched remotely. Furthermore, there is an exploit available.
vuldb.com

Roundcube Webmail under fire: critical exploit found after a decade

Security Affairs
6 months 3 weeks ago
A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code. A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, an attacker can exploit the flaw to take control […]
Pierluigi Paganini

CVE-2025-5632 | code-projects/anirbandutta9 Content Management System/News-Buzz 1.0 /admin/users.php change_to_admin sql injection

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. This vulnerability is known as CVE-2025-5632. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5631 | code-projects/anirbandutta9 Content Management System/News-Buzz 1.0 /publicposts.php post sql injection

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been classified as critical. Affected is an unknown function of the file /publicposts.php. The manipulation of the argument post leads to sql injection. This vulnerability is traded as CVE-2025-5631. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5598 | WF Steuerungstechnik airleader MASTER 3.0046 path traversal (msec-2025-004 / EUVD-2025-16866)

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability was found in WF Steuerungstechnik airleader MASTER 3.0046 and classified as problematic. This issue affects some unknown processing. The manipulation leads to path traversal: '.../...//'. The identification of this vulnerability is CVE-2025-5598. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-5630 | D-Link DIR-816 1.10CNB05 form2lansetup.cgi ip stack-based overflow

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability was named CVE-2025-5630. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com

CVE-2025-5629 | Tenda AC10 up to 15.03.06.47 HTTP /goform/SetPptpServerCfg formSetPPTPServer startIp/endIp buffer overflow

VulDB Recent Entries
6 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-5629. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com

Managed ad