2025-07-30 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2024-42651 | n/a - n/a | NanoMQ v0.17.9 was discovered to contain a heap use-after-free vulnerability via the component sub_Ctx_handle. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SUBSCRIBE message. | CNA n/a CVSS3.1: 7.5 - HIGH | 0 1 2 | Exploitation: poc; Automatable: no; Technical Impact: partial | n/a | github |
CVE-2025-28170 | n/a - n/a | Grandstream Networks GXP1628 <=1.0.4.130 is vulnerable to Incorrect Access Control. The device is configured with directory listing enabled, allowing unauthorized access to sensitive directories and files. | CNA n/a CVSS3.1: 7.6 - HIGH | 0 1 | Exploitation: poc; Automatable: no; Technical Impact: partial | n/a | github |
CVE-2014-125114 | i-Ftp - i-Ftp | A stack-based buffer overflow vulnerability exists in i-Ftp version 2.20 due to improper handling of the Time attribute within Schedule.xml. By placing a specially crafted Schedule.xml file in the i-Ftp application directory, a remote attacker can trigger a buffer overflow during scheduled download parsing, potentially leading to arbitrary code execution or a crash. | CVSS4.0: 8.4 - HIGH | 0 1 2 3 | Exploitation: poc; Automatable: no; Technical Impact: total | i-Ftp 2.20 Schedule.xml Stack-Based Buffer Overflow | github |
This post is licensed under CC BY 4.0 by the author.