Aggregator

A vulnerability labeled as critical has been found in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Such manipulation of the argument timeRangeName leads to buffer overflow. This vulnerability is documented as CVE-2025-14139. The attack requires being on the local network. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in Nextcloud Calendar up to 4.7.16/5.2.3. This issue affects some unknown processing of the component Attachment Handler. This manipulation causes improper handling of unexpected data type. This vulnerability is registered as CVE-2025-66550. Remote exploitation of the attack is possible. No exploit is available. You should upgrade the affected component.

Submit #698522 / VDB-334529

Submit #698521 / VDB-334528

Submit #698520 / VDB-334527

Submit #698115 / VDB-333330

A vulnerability categorized as critical has been discovered in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. This vulnerability affects the function RE2000v2Repeater_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-14136. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been rated as critical. This affects the function AP_get_wired_clientlist_setClientsName of the file mod_form.so. The manipulation of the argument clientsname_0 leads to stack-based buffer overflow. This vulnerability is listed as CVE-2025-14135. The attack may be initiated remotely. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. Affected by this issue is the function RE2000v2Repeater_get_wireless_clientlist_setClientsName of the file mod_form.so. Executing manipulation of the argument clientsname_0 can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2025-14134. The attack can be launched remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been classified as critical. Affected by this vulnerability is the function AP_get_wireless_clientlist_setClientsName of the file mod_form.so. Performing manipulation of the argument clientsname_0 results in stack-based buffer overflow. This vulnerability is identified as CVE-2025-14133. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #697983 / VDB-334525

Submit #697982 / VDB-334524

Submit #697981 / VDB-334523

Submit #697980 / VDB-334522

Madison, United States, December 5th, 2025, CyberNewsWire Sprocket Security is proud to announce that it has once again been recognized by G2 for “High Performer,” “Best Support,” and “Easiest to Do Business With” in the Winter 2025 Relationship Index for Penetration Testing. This marks the second consecutive quarter Sprocket has earned these honors, reinforcing the […]

The post Sprocket Security Earns Repeat Recognition in G2’s Winter 2025 Relationship Index for Penetration Testing appeared first on Cyber Security News.

A vulnerability was found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06 and classified as critical. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. This vulnerability is referenced as CVE-2025-14126. The attack needs to be initiated within the local network. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as problematic has been identified in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOT_DEVICE can lead to denial of service. This vulnerability is handled as CVE-2025-14105. The attack can only be done within the local network. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #697527 / VDB-322054

Torrance, California, USA, December 5th, 2025, CyberNewsWire Criminal IP will host a live webinar on December 16 at 11:00 AM Pacific Time (PT), focusing on the shift in cyberattack strategies. The session will examine how an increasing number of incidents now originate from exposed digital assets, rather than from known software vulnerabilities. As organizations rapidly […]

The post Criminal IP to Host Webinar: Beyond CVEs – From Visibility to Action with ASM appeared first on Cyber Security News.

A vulnerability has been found in Yet Another WebClap Plugin up to 0.2 on WordPress and classified as problematic. This impacts an unknown function of the component Shortcode Handler. This manipulation of the argument text causes cross site scripting. The identification of this vulnerability is CVE-2025-13857. It is possible to initiate the attack remotely. There is no exploit available.