Thir0th

8 exploits Active since May 2025
CVE-2025-4743 WRITEUP MEDIUM WRITEUP
Fabian Employee Record System - Injection
A vulnerability classified as critical was found in code-projects Employee Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /dashboard/getData.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 6.3
CVE-2025-6328 WRITEUP HIGH WORKING POC
D-Link DIR-815 1.01 - Buffer Overflow
A vulnerability was found in D-Link DIR-815 1.01. It has been declared as critical. This vulnerability affects the function sub_403794 of the file hedwig.cgi. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-6334 WRITEUP HIGH WRITEUP
D-Link DIR-867 1.0 - Buffer Overflow
A vulnerability has been found in D-Link DIR-867 1.0 and classified as critical. This vulnerability affects the function strncpy of the component Query String Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 8.8
CVE-2025-7192 WRITEUP MEDIUM WORKING POC
Dlink Dir-645 Firmware < 1.05b01 - Command Injection
A vulnerability was found in D-Link DIR-645 up to 1.05B01 and classified as critical. This issue affects the function ssdpcgi_main of the file /htdocs/cgibin of the component ssdpcgi. The manipulation leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS 6.3
CVE-2025-8017 WRITEUP HIGH WORKING POC
Tenda Ac7 Firmware - Memory Corruption
A vulnerability was found in Tenda AC7 15.03.06.44. It has been classified as critical. Affected is the function formSetMacFilterCfg of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-8060 WRITEUP HIGH WRITEUP
Tenda Ac23 Firmware - Memory Corruption
A vulnerability has been found in Tenda AC23 16.03.07.52 and classified as critical. Affected by this vulnerability is the function sub_46C940 of the file /goform/setMacFilterCfg of the component httpd. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-8131 WRITEUP HIGH WRITEUP
Tenda Ac20 Firmware - Memory Corruption
A vulnerability was found in Tenda AC20 16.03.08.05. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 8.8
CVE-2025-9791 WRITEUP HIGH WRITEUP
Tenda Ac20 Firmware - Out-of-Bounds Write
A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVSS 8.8