🔴 CVE-2025-52835 - Critical (9.6)

Cross-Site Request Forgery (CSRF) vulnerability in ConoHa by GMO WING WordPress Migrator allows Upload a Web Shell to a Web Server.This issue affects WING WordPress Migrator: from n/a through 1.1.9.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-52835/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🟠 CVE-2025-15111 - High (7.5)

Ksenia Security Lares 4.0 Home Automation version 1.6 contains a default credentials vulnerability that allows unauthorized attackers to gain administrative access. Attackers can exploit the weak default administrative credentials to obtain full c...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15111/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🟠 CVE-2025-15358 - High (7.5)

DVP-12SE11T - Denial of Service Vulnerability

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15358/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🔴 CVE-2025-68926 - Critical (9.8)

RustFS is a distributed object storage system built in Rust. In versions prior to 1.0.0-alpha.77, RustFS implements gRPC authentication using a hardcoded static token `"rustfs rpc"` that is publicly exposed in the source code repository, hardcoded...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68926/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🟠 CVE-2025-68980 - High (8.1)

Missing Authorization vulnerability in designthemes WeDesignTech Portfolio wedesigntech-portfolio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WeDesignTech Portfolio: from n/a through <= 1.0.2.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68980/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🟠 CVE-2025-15230 - High (8.8)

A vulnerability was found in Tenda M3 1.0.0.13(4903). Affected by this issue is the function formSetVlanPolicy of the file /goform/setVlanPolicyData. Performing manipulation of the argument qvlan_truck_port results in heap-based buffer overflow. R...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15230/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🟠 CVE-2025-69256 - High (7.5)

The Serverless Framework is a framework for using AWS Lambda and other managed cloud services to build applications. Starting in version 4.29.0 and prior to version 4.29.3, a command injection vulnerability exists in the Serverless Framework's bui...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69256/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🟠 CVE-2025-66862 - High (7.5)

A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-66862/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🟠 CVE-2025-15215 - High (8.8)

A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buff...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-15215/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda

🔴 CVE-2025-68974 - Critical (9.8)

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion.This issue affects Word...

🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-68974/

#CVE #vulnerability #infosec #cybersecurity #security #Tenda