A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplied pincode parameter into a fixed 132-byte stack buffer with no bounds checks. This allows an attacker to corrupt adjacent stack memory, crash the web server, and (under certain conditions) may enable arbitrary code execution.

CVE Database V5

Detailed information about CVE-2025-68706: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-68706: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-68706: n/a

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Detailed information about CVE-2025-15200: Cross Site Scripting in SohuTV CacheCloud affecting SohuTV CacheCloud. Get real-time updates, technical details, and 

CVE-2025-15200: Cross Site Scripting in SohuTV CacheCloud - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15200: Cross Site Scripting in SohuTV CacheCloud

[Vulnerability Listing](https://gpg.fail/)

[Presentation VoD](https://media.ccc.de/v/39c3-to-sign-or-not-to-sign-practical-vulnerabilities-i)

[YouTube rehost (by the authors)](https://www.youtube.com/watch?v=U0ZYOTHrB7I)

Reddit NetSec

Detailed information about 39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools. Get real-time updates, technical details, and mitigation strat

39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools - Live Threat Intelligence - Threat Radar | OffSeq.com

39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools

Reddit Discussion: 39C3: Multiple vulnerabilities in GnuPG and other cryptographic tools

The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the "Meta API logs" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1.

Detailed information about CVE-2025-14280: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in pixelyoursite PixelYourSite – Your smart PIXEL 

CVE-2025-14280: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in pixelyoursite PixelYourSite – Your smart PIXEL (TAG) & API Manager - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-14280: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in pixelyoursite PixelYourSite – Your smart PIXEL (TAG) & API Manager

The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server.

Detailed information about CVE-2025-13592: CWE-94 Improper Control of Generation of Code ('Code Injection') in monetizemore Advanced Ads – Ad Manager & AdSense 

CVE-2025-13592: CWE-94 Improper Control of Generation of Code ('Code Injection') in monetizemore Advanced Ads – Ad Manager & AdSense - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-13592: CWE-94 Improper Control of Generation of Code ('Code Injection') in monetizemore Advanced Ads – Ad Manager & AdSense

An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.

Detailed information about CVE-2025-66865: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-66865: n/a

CVE-2025-66865: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-68706: n/a

CVE-2025-15200: Cross Site Scripting in SohuTV CacheCloud

CVE-2025-14280: CWE-200 Exposure of Sensitive Information to an Unauthorized Actor in pixelyoursite PixelYourSite – Your smart PIXEL (TAG) & API Manager

CVE-2025-13592: CWE-94 Improper Control of Generation of Code ('Code Injection') in monetizemore Advanced Ads – Ad Manager & AdSense

CVE-2025-67255: n/a

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility