Overview
Description
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy in the file /goform/websHostFilter. Manipulating the argument addHostFilter results in a buffer overflow. The attack can be carried out remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
Last activity: 12 hours ago
Fediverse
🚩 CVE-2025-14140: HIGH-severity buffer overflow in UTT 进取 520W v1.7.7-180627. Public exploit available, no vendor patch. Restrict access, deploy IDS/IPS, and monitor logs. Act fast! https://radar.offseq.com/threat/cve-2025-14140-buffer-overflow-in-utt-520w-c180e378 #OffSeq #Vulnerability #Infosec #NetworkSecurity
Overview
- roselldk
- WebP Express
- Published: 04 Dec 2025
- Updated: 04 Dec 2025
- CVSS v3.1: MEDIUM (5.3)
- EPSS: 0.04%
KEV
Description
The WebP Express plugin for WordPress is vulnerable to information exposure via config files in all versions up to, and including, 0.25.9. This is due to the plugin not properly randomizing the name of the config file to prevent direct access on NGINX. This makes it possible for unauthenticated attackers to extract configuration data.
Statistics
- 1 Post
Last activity: 2 hours ago
Overview
Description
K7RKScan.sys in K7 Ultimate Security before 17.0.2019 allows local users to cause a denial of service (BSOD) because of a NULL pointer dereference.
Statistics
- 1 Post
Last activity: 23 hours ago
Bluesky
Overview
- Microsoft
- Windows
- Published: 26 Aug 2025
- Updated: 05 Dec 2025
- CVSS v3.0: HIGH (7.0)
- EPSS: 0.23%
KEV
Description
Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of .LNK files. Crafted data in an .LNK file can cause hazardous content in the file to be invisible to a user who inspects the file via the Windows-provided user interface. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25373.
Statistics
- 1 Post
Last activity: 13 hours ago
Overview
Description
A flaw has been found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy in the file /goform/formArpBindConfig. Manipulating the argument pools can lead to a buffer overflow. The attack may be performed remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Statistics
- 1 Post
Last activity: 13 hours ago
Fediverse
🔎 CVE-2025-14141: HIGH severity buffer overflow in UTT 进取 520W (v1.7.7-180627) via /goform/formArpBindConfig. No patch; public exploit available. Isolate devices, restrict access, monitor traffic. https://radar.offseq.com/threat/cve-2025-14141-buffer-overflow-in-utt-520w-c6cc8954 #OffSeq #Vuln #NetSec #Exploit
Overview
Description
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters (including newlines) that are accepted, stored verbatim in the database, and later embedded into backend SNMP operations. In environments where downstream SNMP tooling or wrappers interpret newline-separated tokens as command boundaries, this can lead to unintended command execution with the privileges of the Cacti process. This vulnerability is fixed in 1.2.29.
Statistics
- 1 Post
Last activity: 11 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 15 hours ago
Bluesky
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
Last activity: 15 hours ago