CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
An unauthenticated command injection vulnerability exists in the ToToLink LR1200GB router firmware V9.1.0u.6619_B20230130 within the cstecgi.cgi binary (sub_41EC68 function). The binary reads the "imei" parameter from a web request and verifies only that it is 15 characters long, then directly inserts it into a system command using sprintf() and executes it with system().
A local stack-based buffer overflow vulnerability exists in the infostat.cgi and cstecgi.cgi binaries of ToToLink routers (A720R, LR1200GB, NR1800X). The programs parse /proc/net/arp using sscanf() with "%s" format specifiers into fixed-size stack buffers without length validation, allowing an attacker to write beyond buffer boundaries.
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using sscanf() into a single-byte variable with the %s format specifier. Maliciously crafted /proc/stat content can overwrite adjacent stack memory, potentially allowing an attacker with filesystem write privileges to execute arbitrary code on the device.
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB and NR1800X router firmware in the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation, potentially leading to arbitrary code execution or memory corruption without authentication.
A command injection vulnerability exists in the ToToLink A720R router firmware V4.1.5cu.614_B20230630 within the sysconf binary. The sub_40BFA4 function handling network interface reinitialization from '/var/system/linux_vlan_reinit' only partially validates input and concatenates it into shell commands executed via system() without escaping, allowing arbitrary command execution.
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' values are directly concatenated into shell commands and executed via system() without any sanitization or escaping. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary commands on the device.
A vulnerability in kdcproxy allows an attacker to perform a DoS attack by sending unbounded data in a KDC response, causing excessive memory and CPU usage. The lack of TCP response length validation and inefficient buffer management can overwhelm the server even with a single request.
A vulnerability in the Linux kernel related to the use of smp_processor_id() in preemptible code has been fixed. The bug report concerned a warning generated by dhcpcd, indicating improper use of this function in a preemptible context.
A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too much memory on the host. The excessive memory consumption could lead to a libvirt process crash on the host, resulting in a denial-of-service condition.
Podatność CVE-2025-11960 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w systemie KVKNET firmy Aryom Software High Technology Systems Inc. Umożliwia to ataki typu Reflected XSS.
In OneFlow v0.9.0, improper input validation allows attackers to cause a segmentation fault by adding a Python sequence to native code during broadcasting or type conversion.
BusyBox wget w wersji do 1.3.7 akceptował surowe znaki CR (0x0D)/LF (0x0A) oraz inne bajty kontrolne C0 w celu żądania HTTP, co pozwalało na podział linii żądania i wstrzykiwanie nagłówków kontrolowanych przez atakującego. Aby zachować poprawny format linii żądania HTTP/1.1, surowa spacja (0x20) w żądaniu musi być również odrzucona.
Kod curl do zarządzania połączeniami SSH podczas korzystania z backendu wolfSSH zawierał błędy i nie implementował mechanizmów weryfikacji hosta. To uniemożliwia curlowi wykrywanie ataków typu MITM oraz innych zagrożeń.
A type confusion vulnerability in SuiteCRM prior to version 7.12.6 occurs during processing of the 'module' parameter in the 'deleteAttachment' functionality. A remote unauthenticated attacker can alter database objects, including changing the administrator's email address.
Podatność CVE-2025-10955 dotyczy niewłaściwej neutralizacji danych wejściowych podczas generowania stron internetowych w oprogramowaniu Netigma firmy Netcad Software Inc. Umożliwia to ataki typu XSS (Cross-site Scripting) poprzez ciągi zapytań HTTP.
A use-after-free vulnerability was fixed in Safari and other Apple products through improved memory management. The issue occurs when processing maliciously crafted web content.
A vulnerability in WebKit may cause a process crash when processing maliciously crafted web content. The issue was addressed with improved memory handling.
A use-after-free vulnerability was addressed with improved memory management in Safari and Apple operating systems. Processing maliciously crafted web content may lead to an unexpected Safari crash.
FairSketch Rise Ultimate Project Manager & CRM version 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API.
A stack-based buffer overflow was found in the QEMU e1000 network device. The issue stems from the device's receive code still being able to process a short frame in loopback mode, leading to a buffer overrun in the e1000_receive_iov() function.

