2025-10-31 Daily Vulns
NEW:
| CVE | Vendor - Product | Description | Metric | SSVC | Title |
|---|---|---|---|---|---|
| CVE-2018-25120 | D-Link - DNS-343 ShareCenter | D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint `/goform/Mail_Test` and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life. | CVSS4.0: 9.3 - CRITICAL | Exploitation: none; Automatable: yes; Technical Impact: total | D-Link DNS-343 ShareCenter <= 1.05 Command Injection via /goform/Mail_Test |
| CVE-2023-46718 | Fortinet - FortiOS; Fortinet - FortiProxy | A stack-based buffer overflow in Fortinet FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.6 through 6.4.15, 6.2.9 through 6.2.16 and 6.0.13 through 6.0.18 allows an attacker to execute unauthorized code or commands via specially crafted CLI commands. | CVSS3.1: 6.3 - MEDIUM | Exploitation: none; Automatable: no; Technical Impact: total | |
| CVE-2025-10928 | Drupal - Access code | Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Access code allows Brute Force. This issue affects Access code: from 0.0.0 before 2.0.5. | CNA: n/a; CVSS3.1: 6.3 - MEDIUM | Exploitation: none; Automatable: no; Technical Impact: partial | Access code - Moderately critical - Access bypass - SA-CONTRIB-2025-108 |
| CVE-2022-50238 | Microsoft - Windows | The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist for longer than the expected periodic monthly Windows updates. It is possible to fully synchronize the driver blocklist using WDAC policies. NOTE: The vendor explains that Windows Update provides a smaller, compatibility-focused driver blocklist for general users, while the full XML list is available for advanced users and organizations to customize at the risk of usability issues. | CVSS3.1: 7.4 - HIGH; CVSS3.1: 6.7 - MEDIUM | Exploitation: poc; Automatable: no; Technical Impact: partial | |
This post is licensed under CC BY 4.0 by the author.