Latest CVE Feed
-
2.5
LOWCVE-2024-13978
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as problematic. Affected by this vulnerability is the function t2p_read_tiff_init of the file tools/tiff2pdf.c of the component fax2ps. The manipulation leads to null pointer dereferen... Read more
Affected Products : libtiff- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Memory Corruption
-
6.9
MEDIUMCVE-2013-10063
A path traversal vulnerability exists in the Netgear SPH200D Skype phone firmware versions <= 1.0.4.80 in its embedded web server. Authenticated attackers can exploit crafted GET requests to access arbitrary files outside the web root by injecting travers... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Path Traversal
-
6.9
MEDIUMCVE-2013-10062
A directory traversal vulnerability exists in Linksys router's web interface (tested on the E1500 model firmware versions 1.0.00, 1.0.04, and 1.0.05), specifically in the /apply.cgi endpoint. Authenticated attackers can exploit the next_page POST paramete... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Path Traversal
-
8.6
HIGHCVE-2013-10061
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN1000B model firmware versions 1.1.00.24 and 1.1.00.45) via the TimeToLive parameter in the setup.cgi endpoint. The vulnerability arises from improper input neu... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2013-10060
An authenticated OS command injection vulnerability exists in Netgear routers (tested on the DGN2200B model) firmware versions 1.0.0.36 and prior via the pppoe.cgi endpoint. A remote attacker with valid credentials can execute arbitrary commands via craft... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2013-10059
An authenticated OS command injection vulnerability exists in various D-Link routers (tested on DIR-615H1 running firmware version 8.04) via the tools_vct.htm endpoint. The web interface fails to sanitize input passed from the ping_ipaddr parameter to the... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Injection
-
8.6
HIGHCVE-2013-10058
An authenticated OS command injection vulnerability exists in various Linksys router models (tested on WRT160Nv2) running firmware version v2.0.03 via the apply.cgi endpoint. The web interface fails to properly sanitize user-supplied input passed to the p... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2013-10057
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec c... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2013-10055
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attac... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Authentication
-
8.7
HIGHCVE-2013-10053
A remote command execution vulnerability exists in ZPanel version 10.0.0.2 in its htpasswd module. When creating .htaccess files, the inHTUsername field is passed unsanitized to a system() call that invokes the system’s htpasswd binary. By injecting shell... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2013-10051
A remote PHP code execution vulnerability exists in InstantCMS version 1.6 and earlier due to unsafe use of eval() within the search view handler. Specifically, user-supplied input passed via the look parameter is concatenated into a PHP expression and ex... Read more
Affected Products : instantcms- Published: Aug. 01, 2025
- Modified: Aug. 05, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2013-10050
An OS command injection vulnerability exists in multiple D-Link routers—confirmed on DIR-300 rev A (v1.05) and DIR-615 rev D (v4.13)—via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the ... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2013-10049
An OS command injection vulnerability exists in multiple Raidsonic NAS devices—specifically tested on IB-NAS5220 and IB-NAS4220—via the unauthenticated timeHandler.cgi endpoint exposed through the web interface. The CGI script fails to properly sanitize u... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2013-10048
An OS command injection vulnerability exists in various legacy D-Link routers—including DIR-300 rev B and DIR-600 (firmware ≤ 2.13 and ≤ 2.14b01, respectively)—due to improper input handling in the unauthenticated command.php endpoint. By sending speciall... Read more
- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2013-10047
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacke... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2013-10046
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accept... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 04, 2025
- Vuln Type: Authorization
-
8.7
HIGHCVE-2013-10044
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file u... Read more
Affected Products : openemr- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Injection
-
8.5
HIGHCVE-2012-10022
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user ... Read more
Affected Products :- Published: Aug. 01, 2025
- Modified: Aug. 06, 2025
- Vuln Type: Authorization
-
8.0
HIGHCVE-2025-8480
Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The ... Read more
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Injection
-
7.4
HIGHCVE-2025-8477
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this v... Read more
- Published: Aug. 01, 2025
- Modified: Aug. 12, 2025
- Vuln Type: Memory Corruption