Plane is open-source project management software. Prior to version 1.1.0, an open redirect vulnerability in the ?next_path query parameter allows attackers to supply arbitrary schemes (e.g., javascript:) that are passed directly to router.push. This...
An issue was discovered in the NDIS Usermode IO driver (RtkIOAC60.sys, version 6.0.5600.16348) allowing local authenticated attackers to send a crafted IOCTL request to the driver to cause a denial of service. More information...
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function More information : http://perfreeblog.com
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function More information : http://perfreeblog.com
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function More information : http://perfreeblog.com
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function More information : http://perfreeblog.com
Karmada Dashboard is a general-purpose, web-based control panel for Karmada which is a multi-cluster management project. Prior to version 0.2.0, there is an authentication bypass vulnerability in the Karmada Dashboard API. The backend API...
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register. More information : https://github.com/Antabot/White-Jotter/issues/162
jshERP up to commit fbda24da was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the jsh_erp function. More information : https://fushuling.com/index.php/2025/08/17/%e7%bb%95%e8%bf%87%e8%a1%a5%e4%b8%81%ef%bc%8c%e5%86%8d%e6%ac%a1%e5%ae%9e%e7%8e%b0%e5%8d%8e%e5%a4%8ferp%e6%9c%aa%e6%8e%88%e6%9d%83rce%e5%b7%b2%e4%bf%ae%e5%a4%8d/
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetMACFilter. More information : https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/20-buffer%20overflow-formSetMACFilter.md
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSchedule. More information : https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/17-buffer%20overflow-formSchedule.md
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetLog. More information : https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/14-buffer%20overflow-formSetLog.md
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetPortTr. More information : https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/18-buffer%20overflow-formSetPortTr.md
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formWlSiteSurvey. More information : https://github.com/luckysmallbird/DLINK-DIR600LAx-Vulnerability/blob/main/15-buffer%20overflow-formWlSiteSurvey.md