21 new CVEs published on 2025-04-14 (CVSS: 7.3 - 8.8)
CybersecurityVulnerabilitiesExploitsSoftwareSecurity
This content is an AI-generated summary. If you encounter any misinformation or problematic content, please report it to cyb.hub@proton.me.
| CVE ID | CVSS | Description |
|---|---|---|
| CVE-2025-32907 | 7.5 | A flaw in libsoup's HTTP range requests implementation allows a resource consumption attack. |
| CVE-2025-3445 | 8.1 | A Path Traversal "Zip Slip" vulnerability in mholt/archiver in Go allows using a crafted ZIP file containing paths that traverse directories. |
| CVE-2025-3538 | 8.8 | A vulnerability in D-Link DI-8100 16.07.26A1 affects the auth_asp function,
allowing authentication bypass. |
| CVE-2025-3572 | 7.5 | SmartRobot from INTUMIT has a Server-Side Request Forgery vulnerability, allowing unauthenticated remote attackers to probe internal networks. |
| CVE-2025-32908 | 7.5 | A flaw in libsoup's HTTP/2 server may not fully validate pseudo-headers,
leading to potential security issues. |
| CVE-2025-32906 | 7.5 | A flaw in libsoup's soup_headers_parse_request() function is vulnerable to an out-of-bound read. |
| CVE-2025-32913 | 7.5 | A flaw in libsoup's soup_message_headers_get_content_disposition() function is vulnerable to a NULL pointer dereference. |
| CVE-2025-3539 | 8.0 | A critical vulnerability in H3C Magic NX15,
Magic NX30 Pro, Magic NX400, Magic R3010, and Magic BE18000 up to V100R014. |
| CVE-2025-3540 | 8.0 | A critical vulnerability in H3C Magic NX15, Magic NX30 Pro, Magic NX400, and Magic R3010 up to V100R014. |
| CVE-2025-3541 | 8.0 | A critical vulnerability in H3C Magic NX15,
Magic NX30 Pro, Magic NX400, and Magic R3010 up to V100R014. |
| CVE-2025-3542 | 8.0 | A critical vulnerability in H3C Magic NX15, Magic NX400, and Magic R3010 up to V100R014. |
| CVE-2025-3543 | 8.0 | A critical vulnerability in H3C Magic NX15,
Magic NX30 Pro, Magic NX400, and Magic R3010 up to V100R014. |
| CVE-2025-3551 | 7.3 | A critical vulnerability in Lingxing ERP 2 affects the DoUpload function in /Api/FileUpload.aspx. |
| CVE-2025-3552 | 7.3 | A critical vulnerability in Lingxing ERP 2 affects an unknown part of the file /Api/TinyMce/UploadAjax.ashx. |
| CVE-2025-31344 | 7.3 | Heap-based Buffer Overflow vulnerability in openEuler giflib on Linux,
associated with program files gif2rgb.C. |
| CVE-2025-3566 | 7.3 | A critical vulnerability in veal98 小牛肉 Echo 开源社区系统 4.2 affects the uploadMdPic function. |