Dell ThinOS 10, versions prior to 2508_10.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access. More information : https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Improper Neutralization of Argument Delimiters in a Command (‘Argument Injection’) vulnerability. A local unauthenticated user could potentially exploit this vulnerability leading to Elevation of Privileges...
Dell ThinOS 10, versions prior to 2508_10.0127, contains an Incorrect Permission Assignment for Critical Resource vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Elevation of Privileges and Unauthorized Access. More...
Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. More information : https://www.dell.com/support/kbdoc/en-us/000359619/dsa-2025-331
A vulnerability has been found in Linksys E1700 1.0.0.4.003. Affected by this issue is the function setSysAdm of the file /goform/setSysAdm. Such manipulation of the argument rm_port leads to stack-based buffer overflow. The attack...
A flaw has been found in Linksys E1700 1.0.0.4.003. Affected by this vulnerability is the function setWan of the file /goform/setWan. This manipulation of the argument DeviceName/lanIp causes stack-based buffer overflow. The attack can...
A vulnerability was detected in Tenda AC1206 15.03.06.23. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac results in stack-based buffer overflow. It is possible to launch the...
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the...
The configuration file containing database logins and passwords is readable by any local user. More information : https://cert.pl/en/posts/2025/08/CVE-2025-2313/
In the “utils/Reporter/OpenReportWindow.pl” service, there is an SQL injection vulnerability through the “UserID” parameter. More information : https://cert.pl/en/posts/2025/08/CVE-2025-2313/
In the ReturnUserUnitsXML.pl service, the “getUserInfo” function is vulnerable to SQL injection through the “UserID” parameter. More information : https://cert.pl/en/posts/2025/08/CVE-2025-2313/
In the PrepareCDExportJSON.pl service, the “getPerfServiceIds” function is vulnerable to SQL injection. More information : https://cert.pl/en/posts/2025/08/CVE-2025-2313/
In the PatientService.pl service, the “getPatientIdentifier” function is vulnerable to SQL injection through the “pesel” parameter. More information : https://cert.pl/en/posts/2025/08/CVE-2025-2313/
In UHCRTFDoc, the filename parameter can be exploited to execute arbitrary code via command injection into the system() call in the ConvertToPDF function. More information : https://cert.pl/en/posts/2025/08/CVE-2025-2313/