CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.15)
A stack-based buffer overflow vulnerability exists in the mtk_dut binary of Linksys E7350 routers (Firmware 1.1.00.032). The function sub_4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and copies it into caller-provided buffer a1 using strcpy without boundary checks. Since a1 is often allocated with significantly smaller sizes (20-32 bytes), local attackers controlling the contents of /sys/class/net/%s/address can trigger buffer overflows.
An unauthenticated command injection vulnerability exists in the Start_EPI function of the httpd binary on Linksys E1200 v2 routers (Firmware E1200_v2.0.11.001_us.tar.gz). User-supplied CGI parameters (wl_ant, wl_ssid, wl_rate, ttcp_num, ttcp_ip, ttcp_size) are concatenated into system command strings without proper sanitization and executed via wl_exec_cmd, allowing remote attackers to execute arbitrary commands without authentication.
A stack buffer overflow vulnerability was found in the setDefResponse function of the cstecgi.cgi binary in ToToLink LR1200GB and NR1800X routers. An unauthenticated attacker can send a crafted "IpAddress" parameter, causing a buffer overflow that may lead to arbitrary code execution.
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long, then directly inserts it into a system command using sprintf() and executes it with system().
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R, LR1200GB, NR1800X). The programs parse /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation, allowing an attacker to write beyond buffer boundaries.
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB and NR1800X router firmware in the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation, potentially leading to arbitrary code execution or memory corruption without authentication.
A command injection vulnerability exists in the ToToLink A720R router firmware V4.1.5cu.614_B20230630 within the sysconf binary. The sub_40BFA4 function handling network interface reinitialization from '/var/system/linux_vlan_reinit' only partially validates input and concatenates it into shell commands executed via system() without escaping, allowing arbitrary command execution.
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device.
A vulnerability in kdcproxy allows an attacker to perform a DoS attack by sending unbounded data in a KDC response, causing excessive memory and CPU usage. The lack of TCP response length validation and inefficient buffer management can overwhelm the server even with a single request.
A vulnerability in the Linux kernel related to the use of smp_processor_id() in preemptible code has been fixed. The bug report concerned a warning generated by dhcpcd, indicating improper use of this function in a preemptible context.
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
Podatność CVE-2025-11960 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w systemie KVKNET firmy Aryom Software High Technology Systems Inc. Umożliwia to ataki typu Reflected XSS.
In OneFlow v0.9.0, improper input validation allows attackers to cause a segmentation fault by adding a Python sequence to native code during broadcasting or type conversion.
BusyBox wget w wersji do 1.3.7 akceptował surowe znaki CR (0x0D)/LF (0x0A) oraz inne bajty kontrolne C0 w celu żądania HTTP, co pozwalało na podział linii żądania i wstrzykiwanie nagłówków kontrolowanych przez atakującego. Aby zachować poprawny format linii żądania HTTP/1.1, surowa spacja (0x20) w żądaniu musi być również odrzucona.
Kod curl do zarządzania połączeniami SSH podczas korzystania z backendu wolfSSH zawierał błędy i nie implementował mechanizmów weryfikacji hosta. To uniemożliwia curlowi wykrywanie ataków typu MITM oraz innych zagrożeń.
Podatność CVE-2025-10955 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Netigma firmy Netcad Software Inc. Umożliwia to ataki typu XSS (Cross-site Scripting) poprzez ciągi zapytań HTTP.
FairSketch Rise Ultimate Project Manager & CRM version 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.
A stack-based buffer overflow was found in the QEMU e1000 network device. The issue stems from the device's receive code still being able to process a short frame in loopback mode, leading to a buffer overrun in the e1000_receive_iov() function.
An unauthenticated server-side request forgery (SSRF) vulnerability exists in the Thumbnail via-uri endpoint of Halo CMS 2.21. A remote attacker can force the server to make HTTP requests to attacker-controlled URLs, including internal network addresses.

