Critical stack-based buffer overflow vulnerability in D-Link DIR-816 1.10CNB05 affecting the qosClassifier function's dip_address/sip_address parameters. This unauthenticated, remotely exploitable flaw allows attackers to achieve complete system compromise (confidentiality, integrity, and availability impact). The vulnerability affects end-of-life products no longer receiving vendor support, with public exploit disclosure and confirmed proof-of-concept availability increasing real-world exploitation risk.
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the /goform/form2lansetup.cgi endpoint. An unauthenticated remote attacker can exploit this vulnerability by manipulating the 'ip' parameter to achieve complete system compromise including data exfiltration, integrity violation, and denial of service. The vulnerability has public exploit code available and affects end-of-life products no longer receiving vendor support.
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 firmware version 1.10CNB05 affecting the QoSPortSetup function. An unauthenticated remote attacker can exploit this vulnerability by manipulating port0_group, port0_remarker, ssid0_group, or ssid0_remarker parameters to achieve arbitrary code execution, complete system compromise (confidentiality, integrity, availability), and full device takeover. Public exploit code has been disclosed, increasing real-world exploitation risk significantly.
Critical stack-based buffer overflow vulnerability in D-Link DIR-816 wireless router (version 1.10CNB05) affecting the 5GHz wireless configuration interface. An unauthenticated remote attacker can exploit improper input validation in the wirelessApcli_5g function to achieve complete system compromise including arbitrary code execution, data theft, and service disruption. Public exploit code exists and the affected product line is end-of-life, creating significant risk for unpatched deployments.
Critical SQL injection vulnerability affecting run-llama/llama_index v0.12.21 and potentially other versions, present in multiple vector store integrations. Attackers can execute arbitrary SQL commands without authentication to read and write data, potentially compromising data belonging to other users in web applications leveraging this library. With a CVSS 9.8 severity score, network-accessible attack vector, and no authentication required, this vulnerability poses an immediate and severe risk to production deployments.
Critical information disclosure vulnerability in Microsoft Power Automate that allows unauthenticated remote attackers to expose sensitive information and escalate privileges across a network without requiring user interaction. With a CVSS score of 9.8 and an unauthenticated attack vector, this vulnerability represents an immediate and severe risk to organizations using Power Automate; exploitation is likely being actively pursued given the severity metrics and network-accessible nature of the vulnerability.
Critical command injection vulnerability in Atheos IDE versions prior to 6.0.4, stemming from improper use of escapeshellcmd() in the Git component that allows argument injection leading to arbitrary command execution. The vulnerability affects Atheos administrators and users on vulnerable versions who can be compromised through a network-based attack requiring high privileges (authenticated admin access). An authenticated attacker with administrative rights can execute arbitrary system commands, potentially leading to complete server compromise, data breaches, and lateral movement within the hosting infrastructure.
A SQL injection vulnerability (CVSS 9.3). Critical severity with potential for significant impact on affected systems.