Submit #524009: https://github.com/zhangyanbo2007/youkefu youkefu 4.2.0 SSRF [Accepted]
Submit #524009 / VDB-302046
Aggregator
CVE-2025-2996 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/SysToolDDNS access control
8 months 3 weeks ago
A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. This issue affects some unknown processing of the file /goform/SysToolDDNS of the component Web Management Interface. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2025-2996. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2995 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/SysToolChangePwd access control
8 months 3 weeks ago
A vulnerability has been found in Tenda FH1202 1.2.0.14(408) and classified as critical. This vulnerability affects unknown code of the file /goform/SysToolChangePwd of the component Web Management Interface. The manipulation leads to improper access controls.
This vulnerability was named CVE-2025-2995. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2994 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/qossetting access control
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Tenda FH1202 1.2.0.14(408). This affects an unknown part of the file /goform/qossetting of the component Web Management Interface. The manipulation leads to improper access controls.
This vulnerability is uniquely identified as CVE-2025-2994. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2993 | Tenda FH1202 1.2.0.14(408) /default.cfg these access control
8 months 3 weeks ago
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls.
This vulnerability is handled as CVE-2025-2993. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to apply restrictive firewalling.
vuldb.com
CVE-2025-2992 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/AdvSetWrlsafeset access control
8 months 3 weeks ago
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls.
This vulnerability is known as CVE-2025-2992. The attack can be launched remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2991 | Tenda FH1202 1.2.0.14(408) Web Management Interface AdvSetWrlmacfilter access control
8 months 3 weeks ago
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls.
This vulnerability is traded as CVE-2025-2991. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2990 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/AdvSetWrlGstset access control
8 months 3 weeks ago
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been rated as critical. This issue affects some unknown processing of the file /goform/AdvSetWrlGstset of the component Web Management Interface. The manipulation leads to improper access controls.
The identification of this vulnerability is CVE-2025-2990. The attack may be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2025-2989 | Tenda FH1202 1.2.0.14(408) Web Management Interface /goform/AdvSetWrl access control
8 months 3 weeks ago
A vulnerability was found in Tenda FH1202 1.2.0.14(408). It has been declared as critical. This vulnerability affects unknown code of the file /goform/AdvSetWrl of the component Web Management Interface. The manipulation leads to improper access controls.
This vulnerability was named CVE-2025-2989. The attack can be initiated remotely. Furthermore, there is an exploit available.
vuldb.com
Submit #523405: 上海卓卓网络科技有限公司 DedeCMS V5.7.92-V5.7.116 Stored Cross-Site Scripting [Duplicate]
8 months 3 weeks ago
Submit #523405 / VDB-237958
falling-snow
Submit #523419: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523419 / VDB-302045
yhryhryhr
Submit #523418: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523418 / VDB-302044
yhryhryhr_backup
Submit #523417: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523417 / VDB-302043
yhryhryhr_mie
Submit #523416: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523416 / VDB-302042
yhryhryhr_mie
Submit #523413: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523413 / VDB-302041
yhryhryhr_tutu
Submit #523412: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523412 / VDB-302040
yhryhryhr_miemie
Submit #523404: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523404 / VDB-302039
yhryhryhr_tu
Submit #523402: Tenda FH1202 V1.2.0.14(408) Improper Access Controls [Accepted]
8 months 3 weeks ago
Submit #523402 / VDB-302038
wxhwxhwxh_mie
Weekly Update 445
8 months 3 weeks ago
Well, this certainly isn't what I expected to be talking about this week! But I think the fact it was someone most people didn't expect to be on the receiving end of an attack like this makes it all the more consumable. I saw a lot
Troy Hunt
TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials
8 months 3 weeks ago
A newly discovered Android banking malware named TsarBot is targeting over 750 applications globally, including banking, finance, cryptocurrency, and e-commerce platforms. Identified by Cyble Research and Intelligence Labs (CRIL), TsarBot employs sophisticated overlay attacks and phishing techniques to intercept sensitive credentials and execute fraudulent transactions. TsarBot spreads through phishing sites that impersonate legitimate financial platforms. […]
The post TsarBot Android Malware Mimics 750 Banking & Finance Apps to Steal Credentials appeared first on Cyber Security News.
Guru Baran