Latest Critical CVEs
Updates on the latest high and critical severity vulnerabilities.
-
CVE-2025-3515 - WordPress Contact Form 7 Drag and Drop Multiple File Upload Remote Code Execution Vulnerability
CVE ID: CVE-2025-3515
Published: June 17, 2025, 10:15 a.m. | 4 hours, 10 minutes ago
Description: The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in all versions up to, and including, 1.3.8.9. This makes it possible for unauthenticated attackers to bypass the plugin's blacklist and upload .phar or other dangerous file types on the affected site's server, which may make remote code execution possible on the servers that are configured to handle .phar files as executable PHP scripts, particularly in default Apache+mod_php configurations where the file extension is not strictly validated before being passed to the PHP interpreter.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
-
CVE-2025-6165 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6165
Published: June 17, 2025, 6:15 a.m. | 8 hours, 10 minutes ago
Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6164 - TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6164
Published: June 17, 2025, 6:15 a.m. | 8 hours, 10 minutes ago
Description: A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6163 - TOTOLINK A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6163
Published: June 17, 2025, 5:15 a.m. | 9 hours, 10 minutes ago
Description: A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6162 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow
CVE ID: CVE-2025-6162
Published: June 17, 2025, 5:15 a.m. | 9 hours, 10 minutes ago
Description: A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6158 - D-Link DIR-665 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability
CVE ID: CVE-2025-6158
Published: June 17, 2025, 4:15 a.m. | 10 hours, 9 minutes ago
Description: A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 8.8 | HIGH
-
CVE-2025-6151 - TP-Link TL-WR940N Buffer Overflow Vulnerability
CVE ID: CVE-2025-6151
Published: June 17, 2025, 1:15 a.m. | 13 hours, 10 minutes ago
Description: A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6150 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6150
Published: June 17, 2025, 1:15 a.m. | 13 hours, 10 minutes ago
Description: A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6149 - TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow
CVE ID: CVE-2025-6149
Published: June 17, 2025, 1:15 a.m. | 13 hours, 10 minutes ago
Description: A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6148 - TOTOLINK A3002RU HTTP POST Request Handler Buffer Overflow
CVE ID: CVE-2025-6148
Published: June 17, 2025, 1:15 a.m. | 13 hours, 10 minutes ago
Description: A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6147 - TOTOLINK A702R HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6147
Published: June 17, 2025, 1:15 a.m. | 13 hours, 10 minutes ago
Description: A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6146 - TOTOLINK X15 HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6146
Published: June 17, 2025, 12:15 a.m. | 14 hours, 10 minutes ago
Description: A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. This affects an unknown part of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6145 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6145
Published: June 16, 2025, 11:15 p.m. | 15 hours, 10 minutes ago
Description: A vulnerability was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6144 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6144
Published: June 16, 2025, 11:15 p.m. | 15 hours, 10 minutes ago
Description: A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6143 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6143
Published: June 16, 2025, 11:15 p.m. | 15 hours, 10 minutes ago
Description: A vulnerability, which was classified as critical, was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6138 - TOTOLINK T10 HTTP POST Request Handler Buffer Overflow
CVE ID: CVE-2025-6138
Published: June 16, 2025, 9:15 p.m. | 17 hours, 10 minutes ago
Description: A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6137 - TOTOLINK T10 HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6137
Published: June 16, 2025, 8:15 p.m. | 18 hours, 10 minutes ago
Description: A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6130 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6130
Published: June 16, 2025, 5:15 p.m. | 21 hours, 10 minutes ago
Description: A vulnerability, which was classified as critical, has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This issue affects some unknown processing of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6129 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow
CVE ID: CVE-2025-6129
Published: June 16, 2025, 4:15 p.m. | 22 hours, 10 minutes ago
Description: A vulnerability classified as critical was found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This vulnerability affects unknown code of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
-
CVE-2025-6128 - TOTOLINK EX1200T HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-6128
Published: June 16, 2025, 4:15 p.m. | 22 hours, 10 minutes ago
Description: A vulnerability classified as critical has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713. This affects an unknown part of the file /boafrm/formWirelessTbl of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH