Common Vulnerabilities and Exposures (CVE)

CVE-2025-60674

Jul 5, 2026 01:18:52 UTC

A stack buffer overflow vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin in the rc binary's USB storage handling module. The vulnerability occurs when the "Serial Number" field from a USB device is read via sscanf i...

CVE-2025-60673

Jul 5, 2026 01:18:48 UTC

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDMZSettings' functionality, where the 'IPAddress' parameter in prog.cgi is stored in NVRAM a...

CVE-2025-60672

Jul 5, 2026 01:18:44 UTC

An unauthenticated command injection vulnerability exists in the D-Link DIR-878A1 router firmware FW101B04.bin. The vulnerability occurs in the 'SetDynamicDNSSettings' functionality, where the 'ServerAddress' and 'Hostname' parameters in pr...

CVE-2025-60671

Jul 5, 2026 01:18:40 UTC

A command injection vulnerability exists in the D-Link DIR-823G router firmware DIR823G_V1.0.2B05_20181207.bin in the timelycheck and sysconf binaries, which process the /var/system/linux_vlan_reinit file. The vulnerability occurs because c...

CVE-2025-56401

Jul 5, 2026 01:18:36 UTC

ZIRA Group WBRM 7.0 is vulnerable to SQL Injection in referenceLookupsByTableNameAndColumnName.

CVE-2025-56400

Jul 5, 2026 01:18:32 UTC

Cross-Site Request Forgery (CSRF) vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SD...

CVE-2025-51741

Jul 5, 2026 01:18:24 UTC

An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthenticated attacker to cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint pote...

CVE-2023-49440

Jul 5, 2026 01:18:08 UTC

AhnLab EPP 1.0.15 is vulnerable to SQL Injection via the "preview parameter."

CVE-2025-63560

Jul 5, 2026 01:17:54 UTC

An issue in KiloView Dual Channel 4k HDMI & 3G-SDI HEVC Video Encoder Firmware v.1.20.0006 allows a remote attacker to cause a denial of service via the systemctrl API System/reFactory component.

CVE-2025-63397

Jul 5, 2026 01:17:50 UTC

Improper input validation in OneFlow v0.9.0 allows attackers to cause a segmentation fault via adding a Python sequence to the native code during broadcasting/type conversion.

CVE-2025-63293

Jul 5, 2026 01:17:46 UTC

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing auth...

CVE-2025-57130

Jul 5, 2026 01:17:42 UTC

An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can...

CVE-2025-56231

Jul 5, 2026 01:17:38 UTC

Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validation, which allows attackers to bypass update protections.

CVE-2024-22903

Jul 5, 2026 01:17:33 UTC

Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.

CVE-2024-22901

Jul 5, 2026 01:17:26 UTC

Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.