Remote code execution in D-Link DIR-513 firmware version 1.10 through a stack-based buffer overflow in the /goform/formEasySetupWizard3 endpoint allows unauthenticated attackers to achieve full system compromise over the network. The vulnerability can be exploited with minimal complexity using publicly available exploit code, and no patch is currently available to remediate the issue.
Authenticated domain users can bypass file access restrictions on Backup Repository systems to read, modify, or delete arbitrary files due to insufficient authorization controls. This high-severity flaw affects users with valid domain credentials and requires no user interaction to exploit. No patch is currently available for this vulnerability.
The issue was addressed with improved memory handling. This issue is fixed in iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2, Safari 17.2, iOS 16.7.15 and iPadOS 16.7.15, iOS 15.8.7 and iPadOS 15.8.7. [CVSS 8.8 HIGH]
SQL injection in GL-iNet GL-AR300M16 firmware v4.3.11 allows authenticated attackers to execute arbitrary database commands through the add_group() function via crafted HTTP requests. The vulnerability affects all installations of the affected firmware version and requires valid credentials to exploit. No patch is currently available to remediate this high-severity flaw.
A Memory Allocation with Excessive Size Value vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an unauthenticated attacker to cause a denial-of-service condition
Insufficient input padding in soroban-poseidon's Poseidon V1 hash function enables attackers to forge hash collisions by appending zeros to shorter inputs, allowing distinct messages to produce identical hashes when the input count is less than the sponge rate. This vulnerability affects any Soroban smart contract relying on PoseidonSponge or poseidon_hash for cryptographic integrity, potentially compromising authentication, signature verification, or other security mechanisms that depend on hash uniqueness. No patch is currently available.
Arbitrary file write in Black (the Python code formatter) before 26.3.1 lets an attacker who controls the value of the --python-cell-magics option place cache files at attacker-chosen filesystem locations via path traversal. The unsanitized option value is embedded directly into the computed cache filename, so a value such as '../../../tmp/pwned' escapes the cache directory and overwrites or creates files elsewhere. No public exploit is identified at time of analysis, EPSS is very low (0.02%), and the issue is not in CISA KEV; practical risk is confined to environments that feed untrusted input into Black's command-line options.
A command injection vulnerability has been identified in the Telnet command-line interface (CLI) of TP-Link TL-MR6400 v5.3. This issue is caused by insufficient sanitization of data processed during specific CLI operations.
NEXULEAN versions prior to 2.0.0 expose Firebase and Web3Forms API keys in the application, allowing unauthenticated attackers to access backend services and retrieve sensitive user data. The hardcoded credentials can be leveraged remotely without any user interaction to interact with protected resources. No patch is currently available for affected deployments.
A Use of Hard-coded Credentials vulnerability in Trane Tracer SC, Tracer SC+, and Tracer Concierge could allow an attacker to disclose sensitive information and take over accounts.
Deno versions 2.7.0 through 2.7.1 contain a command injection vulnerability in the node:child_process polyfill where improper quote handling allows attackers to bypass previous security fixes and execute arbitrary OS commands through shell metacharacter injection in spawn/spawnSync arguments. This vulnerability bypasses Deno's permission system entirely, enabling complete system compromise for applications processing untrusted input. A patch is available in version 2.7.2.
Magic Wormhole versions 0.21.0 through 0.22.x allow malicious senders to overwrite arbitrary files on a receiver's system during file transfer operations, potentially compromising SSH keys and shell configuration files. This path traversal vulnerability (CWE-22) requires the attacker to control the sending side of the transfer and affects any user receiving files from an untrusted source. No patch is currently available for this HIGH severity vulnerability.
Postal SMTP server versions below 3.3.5 contain a stored cross-site scripting (XSS) vulnerability in the admin interface where the API's "send/raw" method fails to properly escape user-supplied data, allowing authenticated attackers to inject malicious HTML and JavaScript. An attacker with API access could manipulate the admin dashboard or execute unauthorized actions in the context of an administrator's session. No patch is currently available for affected versions.
High severity vulnerability in OpenClaw. In affected versions of `openclaw`, browser-originated WebSocket connections could bypass origin validation when `gateway.auth.mode` was set to `trusted-proxy` and the request arrived with proxy headers. A page served from an untrusted origin could connect through a trusted reverse proxy, inherit proxy-authenticated identity, and establish a privileged operator session.
High severity vulnerability in SGLang. SGLangs `replay_request_dump.py` contains an insecure pickle.load() without validation and proper deserialization. An attacker can take advantage of this by providing a malicious .pkl file, which will execute the attackers code on the device running the script.
Local attackers can achieve heap buffer overflow in llama.cpp versions before b8146 through integer overflow in the GGUF file parsing function, enabling arbitrary code execution with high integrity and confidentiality impact. The vulnerability stems from undersized heap allocation followed by unvalidated writes of over 528 bytes of attacker-controlled data, bypassing a previous fix for the same component. This affects systems running vulnerable LLM inference implementations on local machines where user interaction is required to trigger the malicious GGUF file processing.
Unauthorized SSH credential extraction affects systems where low-privileged users can access stored authentication material, enabling account compromise without administrative access. The network-accessible vulnerability requires valid user credentials to exploit but impacts the entire system's security posture by exposing sensitive SSH keys. No patch is currently available to remediate this issue.
OpenCTI versions prior to 6.8.16 contain a server-side request forgery vulnerability in the data ingestion feature that fails to validate user-supplied URLs, allowing authenticated attackers to send requests to arbitrary internal endpoints and services. The Axios HTTP client's permissive default configuration processes absolute URLs without restriction, enabling semi-blind SSRF attacks that can compromise internal systems despite limited response visibility. This vulnerability requires authentication but affects all deployments running vulnerable versions.
Unauthenticated SQL injection in WordPress My Sticky Bar plugin versions up to 2.8.6 allows attackers to extract database contents through crafted AJAX requests that exploit unsanitized parameter names in SQL INSERT statements. The vulnerability enables blind time-based data exfiltration despite sanitization of parameter values, affecting all users of the vulnerable plugin. No patch is currently available.
Node.js undici WebSocket client denial-of-service vulnerability allows remote attackers to crash the process by sending a malformed permessage-deflate compression parameter that bypasses validation and triggers an uncaught exception. The vulnerability exists because the client fails to properly validate the server_max_window_bits parameter before passing it to zlib, enabling any WebSocket server to terminate connected clients. No patch is currently available.
High severity vulnerability in Ella Networks Core. Ella Core panics when processing a malformed integrity protected NGAP/NAS message with a length under 7 bytes.
Undici's WebSocket frame parser fails to properly validate 64-bit length fields, causing integer overflow in internal calculations that leaves the parser in an invalid state and crashes the process with a fatal TypeError. An unauthenticated remote attacker can exploit this to achieve denial of service by sending a specially crafted WebSocket frame. Versions 7.24.0, 6.24.0, and later contain fixes for this vulnerability.
Node.js undici WebSocket client denial-of-service via decompression bomb in permessage-deflate processing allows remote attackers to crash or hang affected processes through unbounded memory consumption. An attacker controlling a malicious WebSocket server can send specially crafted compressed frames that expand to extremely large sizes in memory without triggering any decompression limits. No patch is currently available for this vulnerability.
flatted is a circular JSON parser. versions up to 3.4.0 is affected by uncontrolled recursion (CVSS 7.5).
SQLite's zipfile extension contains a bug in the zipfileInflate function that leaks heap memory contents when processing specially crafted ZIP files. This affects SQLite version 3.51.1 and earlier installations that use the zipfile extension. An attacker can exploit this by providing a malicious ZIP file to read sensitive data from the application's memory, potentially exposing passwords, encryption keys, or other confidential information.
Remote code execution in Tenda W3 1.0.0.3(2204) via stack buffer overflow in the /goform/wifiSSIDset POST parameter handler allows authenticated attackers to achieve complete system compromise. The vulnerability exists in the index/GO parameter processing and can be exploited over the network without user interaction. Public exploit code is available for this vulnerability.
Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows remote authenticated attackers to achieve complete system compromise through manipulation of the index/GO parameter in the /goform/WifiMacFilterSet POST handler. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda W3 firmware version 1.0.0.3(2204) allows authenticated remote attackers to achieve complete system compromise through malicious ping parameters sent to the /goform/setAutoPing endpoint. Public exploit code is available for this vulnerability, increasing the risk of active exploitation. No patch is currently available, leaving affected devices exposed without mitigation options.
Stack-based buffer overflow in Tenda i3 firmware version 1.0.0.6(2204) allows authenticated remote attackers to achieve full system compromise through the SSID configuration endpoint. The vulnerability exists in the formwrlSSIDset function due to improper input validation on the index/GO parameter, and public exploit code is available. No patch is currently available, making this a critical risk for affected network devices.
High severity vulnerability in TinaCMS. ## Affected Package
Stack-based buffer overflow in Tenda i12 version 1.0.0.6(2204) allows remote authenticated attackers to achieve complete system compromise through improper input validation in the wifiSSIDget function. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can trigger the overflow via the index parameter to execute arbitrary code with elevated privileges.
Remote code execution in Tenda i12 firmware version 1.0.0.6(2204) via stack-based buffer overflow in the WifiMacFilterGet function allows authenticated attackers to achieve full system compromise. Public exploit code exists for this vulnerability, increasing risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda i12 1.0.0.6(2204) allows remote attackers with user privileges to achieve complete system compromise through malicious input to the cmdinput parameter in /goform/exeCommand. Public exploit code exists for this vulnerability, and no patch is currently available to remediate the issue.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) allows authenticated remote attackers to achieve code execution by manipulating the index parameter in POST requests to /goform/wifiSSIDget. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) allows authenticated remote attackers to achieve full system compromise through manipulation of the wl_radio parameter in the WifiMacFilterGet POST handler. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.
Stack-based buffer overflow in Tenda W3 1.0.0.3(2204) HTTP handler allows authenticated remote attackers to execute arbitrary code by sending a crafted request to the /goform/exeCommand endpoint with an oversized cmdinput parameter. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in Tenda i3 1.0.0.6(2204) allows remote authenticated attackers to achieve complete system compromise through manipulation of the index parameter in the wifiSSIDget function. Public exploit code exists for this vulnerability, and no patch is currently available.
Stack-based buffer overflow in Tenda W3 firmware 1.0.0.3(2204) HTTP handler allows adjacent network attackers to achieve remote code execution without authentication. The vulnerability resides in the formSetCfm function's handling of the funcpara1 parameter at /goform/setcfm. Public exploit code is available on GitHub, though EPSS probability remains low at 0.03% (7th percentile), indicating limited real-world exploitation activity. CISA KEV does not list this vulnerability, suggesting no confirmed widespread or targeted exploitation campaigns.