A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. The manipulation of the argument PPW leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE Database V5

Detailed information about CVE-2025-7747: Buffer Overflow in Tenda FH451 affecting Tenda FH451. Get real-time updates, technical details, and mitigation strateg

CVE-2025-7747: Buffer Overflow in Tenda FH451 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7747: Buffer Overflow in Tenda FH451

An issue was discovered in AdGuard plugin before 1.11.22 for Safari on MacOS. AdGaurd verbosely logged each url that Safari accessed when the plugin was active. These logs went into the MacOS general logs for any unsandboxed process to read. This may be disabled in version 1.11.22.

Detailed information about CVE-2025-51497: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-51497: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-51497: n/a

Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available.

CVE-2025-7338 is a high-severity vulnerability affecting the Multer middleware for Node.js, specifically versions starting from 1.4.4-lts.1 up to but not including 2.0.2. Multer is widely used in Express.js applications to handle multipart/form-data, commonly for file uploads. The vulnerability is classified under CWE-248, which pertains to Uncaught Exception vulnerabilities. An attacker can exploit this flaw by sending a specially crafted malformed multipart upload request. This malformed request triggers an unhandled exception within the Multer middleware, causing the Node.js process to crash and resulting in a Denial of Service (DoS). The vulnerability requires no authentication or user interaction and can be exploited remotely over the network (AV:N/AC:L/PR:N/UI:N). The impact is limited to availability, as confidentiality and integrity are not affected. The vulnerability was publicly disclosed on July 17, 2025, and no known exploits are currently in the wild. The recommended remediation is to upgrade Multer to version 2.0.2 or later, where the issue has been patched. No effective workarounds exist, making timely patching critical. This vulnerability poses a significant risk to any web application relying on vulnerable Multer versions for handling file uploads, as attackers can disrupt service availability by crashing the server process handling HTTP requests.

Detailed information about CVE-2025-7338: CWE-248 in expressjs multer affecting expressjs multer. Get real-time updates, technical details, and mitigation strat

CVE-2025-7338: CWE-248 in expressjs multer - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7338: CWE-248 in expressjs multer

Island Lake WebBatch before 2025C allows Remote Code Execution via a crafted URL.

CVE-2025-53867 is a remote code execution (RCE) vulnerability affecting Island Lake WebBatch versions prior to 2025C. The vulnerability is triggered via a specially crafted URL, which allows an attacker to execute arbitrary code on the target system remotely without authentication. WebBatch is a web-based batch processing tool, and this flaw likely stems from improper input validation or unsafe handling of URL parameters, enabling malicious payloads to be injected and executed on the server hosting the application. Since the vulnerability allows remote code execution, an attacker could potentially gain full control over the affected system, leading to unauthorized access, data theft, service disruption, or use of the compromised host as a pivot point for further attacks within a network. The absence of a CVSS score and detailed technical specifics limits precise risk quantification, but the nature of RCE vulnerabilities inherently represents a critical security risk. No known exploits have been reported in the wild as of the publication date, and no patches or mitigation details have been provided yet. The vulnerability was publicly disclosed on July 17, 2025, shortly after being reserved on July 11, 2025, indicating recent discovery and publication.

Detailed information about CVE-2025-53867: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-53867: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53867: n/a

NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN.

Detailed information about CVE-2025-23263: CWE-279: Incorrect Execution-Assigned Permissions in NVIDIA DOCA-Host and Mellanox OFED affecting NVIDIA DOCA-Host an