CVE ID : CVE-2025-5701 Published : June 5, 2025, 12:15 p.m. | 1 hour, 9 minutes ago Description : The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes…

CVE ID : CVE-2025-3055 Published : June 5, 2025, 6:15 a.m. | 7 hours, 9 minutes ago Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated…

CVE ID : CVE-2025-3054 Published : June 5, 2025, 6:15 a.m. | 7 hours, 9 minutes ago Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated…

CVE ID : CVE-2025-1793 Published : June 5, 2025, 5:15 a.m. | 8 hours, 9 minutes ago Description : Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage…

CVE ID : CVE-2025-5630 Published : June 5, 2025, 3:15 a.m. | 10 hours, 9 minutes ago Description : A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated…

CVE ID : CVE-2025-5629 Published : June 5, 2025, 3:15 a.m. | 10 hours, 9 minutes ago Description : A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer…

CVE ID : CVE-2025-5623 Published : June 5, 2025, 12:15 a.m. | 13 hours, 9 minutes ago Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to…

CVE ID : CVE-2025-5624 Published : June 5, 2025, 1:15 a.m. | 12 hours, 10 minutes ago Description : A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can…

CVE ID : CVE-2025-5622 Published : June 5, 2025, 12:15 a.m. | 13 hours, 9 minutes ago Description : A vulnerability was found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this issue is the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the argument apcli_mode_5g/apcli_enc_5g/apcli_default_key_5g leads to stack-based buffer overflow. The attack may…

CVE ID : CVE-2025-5619 Published : June 4, 2025, 11:15 p.m. | 14 hours, 9 minutes ago Description : A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may…