Total
676 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-15229 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LISTLEN leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-15156 | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM | ||
| A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may be initiated remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | |||||
| CVE-2025-14957 | 1 Webassembly | 1 Binaryen | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer dereference. Local access is required to approach this attack. The exploit is publicly available and might be used. The name of the patch is 6fb2b917a79578ab44cf3b900a6da4c27251e0d4. Applying a patch is advised to resolve this issue. | |||||
| CVE-2025-14953 | 1 Open5gs | 1 Open5gs | 2026-06-17 | 2.1 LOW | 3.1 LOW |
| A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogs_pfcp_handle_create_pdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is said to be difficult. The exploit has been published and may be used. This patch is called 93a9fd98a8baa94289be3b982028201de4534e32. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2025-14841 | 2026-06-17 | 1.7 LOW | 3.3 LOW | ||
| A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component. | |||||
| CVE-2025-14747 | 1 Shenzhenningyuandatechnology | 2 Tc155, Tc155 Firmware | 2026-06-17 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in Ningyuanda TC155 57.0.2.0. The impacted element is an unknown function of the component RTSP Service. Performing manipulation results in denial of service. The attack must originate from the local network. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14105 | 2026-06-17 | 3.3 LOW | 4.3 MEDIUM | ||
| A vulnerability was determined in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. This impacts an unknown function of the file /reqproc/proc_post of the component Web Interface. Executing manipulation of the argument goformId with the input REBOOT_DEVICE can lead to denial of service. The attack can only be done within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-13901 | 2026-06-17 | N/A | N/A | ||
| CWE-404 Improper Resource Shutdown or Release vulnerability exists that could cause partial Denial of Service on Machine Expert protocol when an unauthenticated attacker sends malicious payload to occupy active communication channels. | |||||
| CVE-2025-13564 | 1 Kimz190 | 1 Pre-school Management System | 2026-06-17 | 5.5 MEDIUM | 5.4 MEDIUM |
| A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. | |||||
| CVE-2025-13524 | 2026-06-17 | N/A | 5.7 MEDIUM | ||
| Improper resource release in the call termination process in AWS Wickr before version 6.62.13 on Windows, macOS and Linux may allow a call participant to continue receiving audio input from another user after they close their call window. This issue occurs under certain conditions, which require the affected user to take a particular action within the application To mitigate this issue, users should upgrade AWS Wickr, Wickr Gov and Wickr Enterprise desktop version to version 6.62.13. | |||||
| CVE-2025-13397 | 1 S-itoc | 1 Mruby\/c | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A security vulnerability has been detected in mrubyc up to 3.4. This impacts the function mrbc_raw_realloc of the file src/alloc.c. Such manipulation of the argument ptr leads to null pointer dereference. An attack has to be approached locally. The name of the patch is 009111904807b8567262036bf45297c3da8f1c87. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2025-12917 | 1 Gztozed | 2 Zlt T10 Plus, Zlt T10 Plus Firmware | 2026-06-17 | 3.3 LOW | 4.3 MEDIUM |
| A vulnerability was identified in TOZED ZLT T10 T10PLUS_3.04.15. The affected element is an unknown function of the file /reqproc/proc_post of the component Reboot Handler. Such manipulation leads to denial of service. Access to the local network is required for this attack to succeed. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12207 | 1 Kamailio | 1 Kamailio | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer dereference. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The actual existence of this vulnerability is currently in question. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-12206 | 1 Kamailio | 1 Kamailio | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be launched locally. The exploit has been published and may be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11642 | 1 Furbo | 4 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 1 more | 2026-06-17 | 3.8 LOW | 4.0 MEDIUM |
| A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The exploitability is told to be difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11638 | 1 Furbo | 4 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware, Furbo Mini and 1 more | 2026-06-17 | 3.3 LOW | 4.3 MEDIUM |
| A flaw has been found in Tomofun Furbo 360 and Furbo Mini. The affected element is an unknown function of the component Bluetooth Handler. Executing manipulation can lead to denial of service. The attacker needs to be present on the local network. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11635 | 1 Furbo | 2 Furbo 360 Dog Camera, Furbo 360 Dog Camera Firmware | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A weakness has been identified in Tomofun Furbo 360 up to FB0035_FW_036. This vulnerability affects unknown code of the component File Upload. This manipulation causes resource consumption. Remote exploitation of the attack is possible. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11550 | 1 Tenda | 2 W12, W12 Firmware | 2026-06-17 | 6.8 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in Tenda W12 3.0.0.6(3948). The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2025-11017 | 1 Ogre3d | 1 Ogre | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer dereference. The attack must be initiated from a local position. The exploit is now public and may be used. | |||||
| CVE-2025-11013 | 1 Behaviortree | 1 Behaviortree | 2026-06-17 | 1.7 LOW | 3.3 LOW |
| A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit is publicly available and might be used. | |||||