Aggregator
Predator spyware adopts new infection vector to carry out zero-click attacks
1 month 1 week ago
安全客
CVE-2025-55182 | Meta react-server-dom-webpack 19.0.0/19.1.0/19.1.1/19.2.0 React Server deserialization (EUVD-2025-200983 / Nessus ID 277108)
1 month 1 week ago
A vulnerability was found in Meta react-server-dom-webpack, react-server-dom-turbopack and react-server-dom-parcel 19.0.0/19.1.0/19.1.1/19.2.0. It has been classified as critical. This affects an unknown part of the component React Server. This manipulation causes deserialization.
This vulnerability is handled as CVE-2025-55182. The attack can be initiated remotely. Additionally, an exploit exists.
vuldb.com
This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam
1 month 1 week ago
For this week in scams, we have fake AI-generated shopping images that could spoil your holidays, scammers use an Apple...
The post This Week in Scams: Phony AI Ads, Apple Account Takeover Attempts, and a PlayStation Scam appeared first on McAfee Blog.
McAfee
New SVG clickjacking attack technique emerges, enabling interactive attacks
1 month 1 week ago
安全客
Cloudflare blocks largest-ever 29.7 Tbps DDoS attack; Aisuru botnet behind it
1 month 1 week ago
安全客
CVE-2025-14141 | UTT 进取 520W 1.7.7-180627 formArpBindConfig strcpy pools buffer overflow (EUVD-2025-201552)
1 month 1 week ago
A vulnerability described as critical has been identified in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formArpBindConfig. Executing manipulation of the argument pools can lead to buffer overflow.
This vulnerability appears as CVE-2025-14141. The attack may be performed remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-14140 | UTT 进取 520W 1.7.7-180627 /goform/websHostFilter strcpy addHostFilter buffer overflow (EUVD-2025-201553)
1 month 1 week ago
A vulnerability marked as critical has been reported in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy of the file /goform/websHostFilter. Performing manipulation of the argument addHostFilter results in buffer overflow.
This vulnerability is reported as CVE-2025-14140. The attack can be carried out remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-14139 | UTT 进取 520W 1.7.7-180627 formConfigDnsFilterGlobal strcpy timeRangeName buffer overflow (EUVD-2025-201550)
1 month 1 week ago
A vulnerability labeled as critical has been found in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Such manipulation of the argument timeRangeName leads to buffer overflow.
This vulnerability is documented as CVE-2025-14139. The attack requires being on the local network. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-66550 | Nextcloud Calendar up to 4.7.16/5.2.3 Attachment unexpected data type
1 month 1 week ago
A vulnerability identified as problematic has been detected in Nextcloud Calendar up to 4.7.16/5.2.3. This issue affects some unknown processing of the component Attachment Handler. This manipulation causes improper handling of unexpected data type.
This vulnerability is registered as CVE-2025-66550. Remote exploitation of the attack is possible. No exploit is available.
You should upgrade the affected component.
vuldb.com
Submit #698522: UTT 进取 520W v3v1.7.7-180627 Buffer Overflow [Accepted]
1 month 1 week ago
Submit #698522 / VDB-334529
cymiao
Submit #698521: UTT 进取 520W v3v1.7.7-180627 Buffer Overflow [Accepted]
1 month 1 week ago
Submit #698521 / VDB-334528
cymiao
Submit #698520: UTT 进取 520W v3v1.7.7-180627 Buffer Overflow [Accepted]
1 month 1 week ago
Submit #698520 / VDB-334527
cymiao
Submit #698115: nnn v5.1 Double Free [Duplicate]
1 month 1 week ago
Submit #698115 / VDB-333330
micromilo
CVE-2025-14136 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so clientsname_0 stack-based overflow (EUVD-2025-201548)
1 month 1 week ago
A vulnerability categorized as critical has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 results in stack-based buffer overflow.
This vulnerability is cataloged as CVE-2025-14136. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-14135 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so AP_get_wired_clientlist_setClientsName clientsname_0 stack-based overflow (EUVD-2025-201547)
1 month 1 week ago
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 leads to stack-based buffer overflow.
This vulnerability is listed as CVE-2025-14135. The attack may be initiated remotely. In addition, an exploit is available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-14134 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so clientsname_0 stack-based overflow (EUVD-2025-201545)
1 month 1 week ago
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this issue is the function RE2000v2Repeater_get_wireless_clientlist_setClientsName of the file mod_form.so. Executing manipulation of the argument clientsname_0 can lead to stack-based buffer overflow.
This vulnerability is tracked as CVE-2025-14134. The attack can be launched remotely. Moreover, an exploit is present.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-14133 | Linksys RE6500/RE6250/RE6300/RE6350/RE7000/RE9000 mod_form.so AP_get_wireless_clientlist_setClientsName clientsname_0 stack-based overflow (EUVD-2025-201546)
1 month 1 week ago
A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. Affected by this vulnerability is the function AP_get_wireless_clientlist_setClientsName of the file mod_form.so. Performing manipulation of the argument clientsname_0 results in stack-based buffer overflow.
This vulnerability is identified as CVE-2025-14133. The attack can be initiated remotely. Additionally, an exploit exists.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #697983: Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow [Accepted]
1 month 1 week ago
Submit #697983 / VDB-334525
pjqwudi
Submit #697982: Linksys RE6500, RE6250, RE6300, RE6350, RE7000, RE9000 RE6500(1.0.013.001) RE6250(1.0.04.001) RE6300(1.2.07.001) RE6350(1.0.04.001) RE7000(1.1.05.003) RE9000(1.0.04.002) Stack-based Buffer Overflow [Accepted]
1 month 1 week ago
Submit #697982 / VDB-334524
pjqwudi