Skip to main content
CVE-2026-39394 HIGH PATCH GHSA This Week

Environment file injection in CI4MS versions prior to 0.31.4.0 allows remote attackers to inject arbitrary configuration directives by exploiting unvalidated newline characters in the host parameter during installation. The Install::index() controller's CSRF protection is intentionally disabled, and InstallFilter bypass is possible when settings cache expires or on fresh deployments. EPSS score of 0.02% (4th percentile) indicates low exploitation probability despite proof-of-concept availability (SSVC: poc). CVSS 8.1 reflects high potential impact but is tempered by high attack complexity (AC:H) requiring specific timing conditions.

CSRF Ci4ms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-39393 HIGH PATCH GHSA This Week

CI4MS CMS skeleton versions below 0.31.4.0 permit complete application takeover through installation wizard re-access when the database becomes unreachable. Unauthenticated remote attackers exploit a race condition window during cache expiry or database downtime to bypass the install route guard and inject malicious database credentials into the .env configuration file. No active exploitation confirmed (not in CISA KEV), EPSS probability 0.01% indicates low observed targeting. Vendor patch released in version 0.31.4.0.

Authentication Bypass Ci4ms
NVD GitHub
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-28261 HIGH PATCH This Week

Local privilege escalation in Dell Elastic Cloud Storage (≤3.8.1.7) and ObjectScale (<4.1.0.3, =4.2.0.0) allows authenticated users with low privileges to extract credentials from log files and escalate to compromised account privileges. CVSS 7.8 (High). No public exploit identified at time of analysis. EPSS data not available, but local access requirement and low attack complexity suggest moderate exploitation likelihood in multi-tenant or shared administrative environments.

Dell Information Disclosure Elastic
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-27806 HIGH PATCH GHSA This Week

Local privilege escalation to root in Fleet Orbit agent (macOS) allows authenticated local users to inject arbitrary Tcl commands via malformed FileVault password input. The vulnerability stems from unsafe interpolation of user-supplied passwords into expect scripts executed as root. CVSS 7.8 (High) with EPSS data unavailable; no public exploit identified at time of analysis, though exploitation requires only a specially crafted password containing closing brace characters. Impacts organizations using Fleet's macOS disk encryption management.

Command Injection Privilege Escalation
NVD GitHub
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-5726 HIGH CISA This Week

Stack-based buffer overflow in Delta Electronics ASDA-Soft allows local attackers with no privileges to execute arbitrary code by tricking users into opening a malicious file. The vulnerability achieves complete system compromise (confidentiality, integrity, availability all rated High in CVSS) through user interaction with crafted input. No public exploit identified at time of analysis, though the low attack complexity and lack of required privileges increase realistic exploitation risk once details emerge.

Buffer Overflow Stack Overflow Asda Soft
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-33461 HIGH This Week

Authorization bypass in Elastic Kibana allows authenticated users with limited Fleet privileges to retrieve sensitive configuration data including private keys and authentication tokens through an internal API endpoint. The vulnerability affects network-accessible instances and bypasses intended privilege boundaries by returning full configuration objects without proper authorization checks. CVSS score of 7.7 reflects high confidentiality impact with scope change. No public exploit identified at time of analysis, though the attack vector is straightforward for authenticated users.

Authentication Bypass Elastic Information Disclosure
NVD VulDB
CVSS 3.1
7.7
EPSS
0.1%
CVE-2026-4498 HIGH This Week

Authenticated Kibana users with Fleet management privileges can read Elasticsearch index data beyond their intended RBAC permissions through debug route handlers in the Fleet plugin. This scope bypass affects Elastic Kibana deployments where users hold Fleet sub-feature privileges (agent policies, settings management). The vulnerability requires low-privilege authentication (PR:L) and has network attack vector (AV:N) with low complexity (AC:L), enabling cross-scope data confidentiality breach (S:C/C:H). No public exploit identified at time of analysis. EPSS data not available, but the specific privilege escalation vector and remote exploitability warrant prioritization in Kibana Fleet deployments.

Privilege Escalation Elastic
NVD VulDB
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-35446 HIGH PATCH This Week

Path traversal in LORIS neuroimaging research platform versions 24.0.0 through 27.0.2 and 28.0.0 allows authenticated attackers to bypass directory restrictions in FilesDownloadHandler, enabling unauthorized access to files outside intended download directories. The vulnerability exploits incorrect operation ordering during file access validation, permitting low-privileged authenticated users to exfiltrate sensitive neuroimaging data and project files across organizational boundaries. CVSS 7.7 severity reflects cross-scope confidentiality breach with network accessibility and low attack complexity. No public exploit identified at time of analysis.

Information Disclosure Path Traversal Loris
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-39497 HIGH This Week

Blind SQL injection in FOX WooCommerce Currency Switcher plugin (versions ≤1.4.5) allows authenticated high-privilege users to extract database contents via crafted SQL commands. Attacker requires high-privilege access (PR:H) but can breach scope boundaries (S:C), achieving high confidentiality impact and limited availability disruption. No public exploit identified at time of analysis. Affects WordPress installations using the vulnerable plugin for multi-currency e-commerce functionality.

SQLi WordPress
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39496 HIGH This Week

SQL injection in YayCommerce YayMail plugin through version 4.3.3 enables authenticated administrators with high privileges to extract sensitive database information via blind SQL injection attacks. The vulnerability allows cross-scope confidentiality impact, meaning attackers can access data beyond their normal authorization boundaries. No public exploit identified at time of analysis, with EPSS score of 0.02% (6th percentile) indicating very low probability of exploitation in the wild.

SQLi Yaymail
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39487 HIGH This Week

Blind SQL injection in Amelia WordPress plugin (ameliabooking) version 2.1.1 and earlier allows authenticated privileged users to extract database contents through improper input sanitization. The vulnerability requires high-privilege access (administrator-level) but permits cross-scope impact, enabling extraction of confidential data and potential service disruption. CVSS 7.6 severity reflects network-accessible attack vector with low complexity. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

SQLi Amelia
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39479 HIGH This Week

Blind SQL injection in Brainstorm Force OttoKit (WordPress plugin suretriggers) versions up to 1.1.20 allows privileged attackers with high-level administrative access to extract sensitive database information and potentially cause service disruptions. CVSS 7.6 severity driven by changed scope (container escape to underlying WordPress database). EPSS score of 0.02% (6th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, and no CISA KEV listing confirms active exploitation.

SQLi Ottokit
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39475 HIGH This Week

Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.1) allows authenticated attackers with low privileges to extract database contents through malicious SQL queries. The vulnerability enables cross-scope exploitation with high confidentiality impact and limited availability disruption. EPSS probability is low (0.02%, 6th percentile), no public exploit identified at time of analysis, and exploitation requires authenticated access with low attack complexity.

SQLi User Feedback
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-39466 HIGH This Week

Blind SQL injection in WPMU DEV Broken Link Checker WordPress plugin versions ≤2.4.7 allows authenticated high-privilege users to extract database contents and potentially cause limited availability impact. CVSS 7.6 with scope change indicates potential container escape from plugin context. EPSS score of 0.02% (6th percentile) suggests low immediate exploitation likelihood. No public exploit code or CISA KEV listing identified at time of analysis. Patchstack discovery indicates vulnerability likely responsibly disclosed through bug bounty channel.

SQLi WordPress
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-5301 HIGH PATCH This Week

Remote stored cross-site scripting in CoolerControl UI's log viewer (versions 2.0.0 through 3.x) enables complete service compromise when administrators view poisoned log entries. GitLab-reported vulnerability affects coolercontrol-ui versions before 4.0.0. Attack requires user interaction (administrator must view logs) but no authentication to inject payload. EPSS score of 0.02% (5th percentile) indicates very low observed exploitation probability. No public exploit identified at time of analysis, not listed in CISA KEV.

XSS Suse
NVD
CVSS 3.1
7.6
EPSS
0.0%
CVE-2026-23869 HIGH PATCH GHSA This Week

Denial of service in React Server Components (react-server-dom-parcel, react-server-dom-turbopack, react-server-dom-webpack versions 19.0.0-19.0.4, 19.1.0-19.1.5, 19.2.0-19.2.4) allows unauthenticated remote attackers to cause excessive CPU consumption lasting up to one minute via specially crafted HTTP requests to Server Function endpoints. The malicious payload triggers resource exhaustion without requiring authentication or user interaction. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS unavailable).

Denial Of Service
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-39863 HIGH PATCH This Week

Out-of-bounds memory access in Kamailio SIP server versions before 5.8.8, 6.0.6, and 6.1.1 enables unauthenticated remote attackers to crash server processes via malformed TCP packets. Affects deployments with TCP or TLS listeners enabled. Exploits network-accessible SIP signaling infrastructure without authentication or user interaction, resulting in complete service unavailability. No public exploit identified at time of analysis.

Buffer Overflow Denial Of Service Kamailio
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-33756 HIGH PATCH This Week

Denial of service affects Saleor e-commerce platform versions 2.0.0 through 3.22.x via unlimited GraphQL query batching. Unauthenticated remote attackers can submit a single HTTP request containing an unbounded array of GraphQL operations, bypassing per-query complexity controls to exhaust server resources and render the platform unavailable. Vendor-released patches are available across all affected major versions (3.20.118, 3.21.54, 3.22.47, 3.23.0a3). No public exploit identified at time of analysis, though the attack vector is straightforward (CVSS AV:N/AC:L/PR:N).

Denial Of Service Saleor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39684 HIGH This Week

Local file inclusion in UnTheme OrganicFood WordPress theme versions up to 3.6.4 enables authenticated attackers with low privileges to read arbitrary files on the server and potentially achieve remote code execution. Exploitation requires network access and high attack complexity (CVSS AC:H), allowing disclosure of sensitive configuration data, credentials, and system files. Authenticated access (PR:L) is required. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.05%).

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39681 HIGH This Week

Local File Inclusion in ApusTheme Homeo WordPress theme versions ≤1.2.59 allows authenticated attackers with low privileges to read arbitrary files on the server via improper file inclusion controls. The vulnerability stems from insufficient validation of file paths in PHP include/require statements, enabling access to sensitive configuration files, credentials, or other restricted content. EPSS score of 0.05% (17th percentile) indicates low predicted exploitation probability, and no public exploit or active exploitation (CISA KEV) has been identified at time of analysis.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39679 HIGH This Week

Local File Inclusion in ApusTheme Freeio WordPress theme (versions ≤1.3.21) allows authenticated attackers with low privileges to read arbitrary files on the server via PHP file inclusion flaws. Attack complexity is high (AC:H), requiring specific conditions beyond basic authentication. EPSS probability is low (0.05%, 17th percentile) with no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39677 HIGH This Week

Local File Inclusion in Emphires WordPress theme versions ≤3.9 allows authenticated attackers with low privileges to read arbitrary files from the server file system via improper PHP file inclusion controls. Attack complexity is rated high (AC:H), suggesting specific conditions must be met. EPSS exploitation probability is low (0.05%, 17th percentile) with no public exploit identified at time of analysis. Authenticated access requirement and high complexity reduce immediate risk despite CVSS 7.5 rating.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39623 HIGH This Week

Local file inclusion vulnerability in kutethemes Biolife WordPress theme versions up to 3.2.3 enables authenticated attackers with low privileges to include and execute arbitrary PHP files from the server filesystem via improper filename control in include/require statements. Exploitation requires network access and high complexity conditions (CVSS:3.1 AV:N/AC:H/PR:L), potentially leading to information disclosure, code execution, and full system compromise. No public exploit identified at time of analysis. EPSS score indicates low observed exploitation activity (0.05%).

Information Disclosure LFI PHP
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39613 HIGH This Week

Local file inclusion in kutethemes Boutique WordPress theme versions ≤2.3.3 allows authenticated attackers with low privileges to include arbitrary PHP files, leading to high-severity impacts including information disclosure, code execution, and system compromise. Exploitation requires network access with high attack complexity. No public exploit identified at time of analysis. Authenticated attack vector (PR:L) limits exposure to users with existing credentials.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39611 HIGH This Week

Local File Inclusion vulnerability in KuteShop WordPress theme versions ≤4.2.9 enables authenticated attackers with low privileges to include arbitrary PHP files through improper filename control in require/include statements. Exploitation requires high attack complexity and yields complete confidentiality, integrity, and availability compromise within the application context. No public exploit identified at time of analysis. EPSS 0.05% indicates low observed exploitation activity.

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39544 HIGH This Week

Local file inclusion in themeStek LabtechCO WordPress theme versions through 8.3 allows authenticated attackers with low privileges to read arbitrary files from the web server. Despite the CWE classification mentioning remote file inclusion, available data (tags, Patchstack categorization) confirms this is a local file inclusion vulnerability. EPSS score of 0.05% (17th percentile) indicates low observed exploitation probability in the wild, with no confirmed active exploitation (not in CISA KEV)

PHP Information Disclosure LFI
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39538 HIGH This Week

Local File Inclusion in Mikado Core WordPress plugin (≤1.6) allows authenticated remote attackers to read arbitrary files on the server via improper filename control in PHP include/require statements. Despite a 7.5 CVSS score, real-world risk is limited by low-privilege authentication requirement (PR:L) and high attack complexity (AC:H). EPSS exploitation probability is minimal (0.05%, 17th percentile), with no public exploit identified at time of analysis. Reported by Patchstack, this CWE-98 vulnerability enables information disclosure and potential code execution if attackers chain it with file upload or log poisoning techniques.

PHP LFI Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-35401 HIGH PATCH This Week

GraphQL query complexity abuse in Saleor e-commerce platform enables unauthenticated denial-of-service through alias-based or chained mutation requests. Attackers craft single API calls containing excessive GraphQL operations (mutations/queries) via aliasing or chaining, exhausting server resources and disrupting service availability. Affects Saleor versions 2.0.0 through 3.22.x, with no authentication required for exploitation. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis.

Denial Of Service Saleor
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-39889 HIGH PATCH GHSA This Week

Unauthenticated information disclosure in PraisonAI's A2U event stream server allows remote attackers to intercept real-time AI agent activity including responses, internal reasoning chains, and tool invocation arguments. The create_a2u_routes() function exposes five endpoints (/a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, /a2u/health) without authentication controls. Attackers subscribe via POST /a2u/subscribe to receive subscription IDs, then stream live Server-Sent Events containing sensitive agent outputs. Affects PraisonAI Python package (pkg:pip/praisonai) versions prior to 4.5.115. No public exploit identified at time of analysis.

Information Disclosure
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-33350 HIGH PATCH This Week

SQL injection in LORIS neuroimaging research platform versions prior to 27.0.3 and 28.0.1 enables unauthenticated remote attackers to extract or modify database contents via the MRI feedback popup window in the imaging browser module. The vulnerability permits unauthorized access to sensitive neuroimaging research data and project management information without authentication. CVSS 7.5 (High severity) reflects network-accessible attack vector with low complexity. No public exploit identified at time of analysis.

SQLi Loris
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30075 HIGH This Week

Buffer overflow in OpenAirInterface 2.2.0 AUSF component crashes service when processing oversized NAS PDU Authentication Response via UplinkNASTransport messages. Unauthenticated remote attackers can send malformed authentication responses (e.g., 100-byte payloads exceeding expected bounds) triggering AUSF component crash, preventing legitimate user registration and verification. Affects 5G core network deployments using OpenAirInterface AUSF. No public exploit identified at time of analysis. CVSS 7.5 High severity due to network-accessible denial of service without authentication requirements.

Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-39885 HIGH PATCH GHSA This Week

Server-Side Request Forgery in mcp-from-openapi (<= 2.1.2) allows unauthenticated remote attackers to retrieve cloud metadata credentials, scan internal networks, and read local files by providing malicious OpenAPI specifications containing $ref pointers to internal URLs (http://169.254.169.254/) or file:// paths. The library's json-schema-ref-parser fetches referenced resources without protocol or hostname restrictions during OpenAPI document initialization, enabling AWS/GCP/Azure credential theft and arbitrary file disclosure with no privileges required beyond spec submission.

SSRF Microsoft
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-34392 HIGH PATCH This Week

Path traversal in LORIS neuroimaging research platform (versions 20.0.0 through 27.0.2 and 28.0.0) enables unauthenticated remote attackers to download arbitrary files outside intended directories via malicious requests to static file router endpoints (/static, /css, /js). Vulnerability permits high-impact information disclosure including sensitive research data, configuration files, and potentially database credentials. No public exploit identified at time of analysis. Affects self-hosted LORIS installations across academic and clinical neuroimaging research environments.

Information Disclosure Path Traversal Loris
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-12664 HIGH PATCH This Week

Denial of service in GitLab CE/EE versions 13.0 through 18.10.2 allows unauthenticated remote attackers to exhaust server resources via repeated GraphQL queries. Affects all installations from version 13.0 before patched releases 18.8.9, 18.9.5, and 18.10.3. Attackers can degrade or halt GitLab service availability without authentication, impacting development workflows and CI/CD pipelines. No public exploit identified at time of analysis.

Denial Of Service Gitlab
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50650 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via malformed routes_static parameter to /router.asp endpoint. The vulnerability permits network-accessible attackers to crash the device without credentials or user interaction. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects complete availability impact with network attack vector and low complexity.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50673 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed http_lanport parameter values to the /webgl.asp endpoint. Network-accessible attack requires no user interaction or privileges. Exploitation causes availability impact only with no confidentiality or integrity compromise. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50649 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed vlan_name parameter submitted to /shut_set.asp endpoint. Improper input validation in VLAN configuration interface permits memory corruption leading to system availability disruption. CVSS 7.5 reflects network-accessible attack requiring no user interaction or credentials. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50648 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via malformed input to the /tggl.asp endpoint. The vulnerability stems from inadequate input validation, allowing network-accessible exploitation without authentication or user interaction. Exploitation results in high-impact availability loss with no confidentiality or integrity compromise. No public exploit identified at time of analysis. EPSS score indicates low observed exploitation activity.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50646 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed input to the name parameter at /qos_type_asp.asp endpoint. Attackers can trigger service disruption without authentication or user interaction by exploiting insufficient input validation in the QoS management interface. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50672 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 via /yyxz_dlink.asp endpoint enables unauthenticated network-based denial of service attacks. Improper parameter validation allows remote attackers to crash the device or trigger service interruption without authentication, user interaction, or elevated privileges. CVSS 7.5 (High) severity reflects network accessibility and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50644 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 qj.asp endpoint enables unauthenticated remote denial-of-service attacks through malformed HTTP requests. Insufficient input validation allows attackers to trigger memory corruption, crashing the device and disrupting network services. Confidentiality and integrity remain intact per CVSS scoring, but availability impact is severe. No public exploit identified at time of analysis. EPSS indicates low observed exploitation activity.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50662 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via crafted name parameter to /url_group.asp endpoint. Attackers can trigger stack-based buffer overflow remotely over network without user interaction, causing high availability impact through service disruption or device crash. No public exploit identified at time of analysis. CVSS 7.5 severity reflects network-accessible attack vector with low complexity.

D-Link Buffer Overflow Stack Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50653 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via malformed name and mem parameters submitted to the /time_group.asp endpoint. The vulnerability requires no user interaction and permits network-based exploitation with low attack complexity. No public exploit identified at time of analysis. EPSS score of 0.02% indicates low observed exploitation activity.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50660 HIGH This Week

Stack-based buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed name parameter values to the /url_member.asp endpoint. The vulnerability enables network-accessible attackers to crash the device without authentication or user interaction, disrupting availability of routing services. No public exploit identified at time of analysis.

D-Link Buffer Overflow Stack Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50669 HIGH This Week

Buffer overflow in D-Link DI-8003 (16.07.26A1) and DI-8003G (19.12.10A1) routers enables unauthenticated remote denial-of-service through improper handling of the wan_ping parameter at the /wan_ping.asp endpoint. Network-accessible attack requires no user interaction or privileges. CVSS:3.1 score 7.5 (High) reflects availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50659 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service via malformed custom_error parameter to /user.asp endpoint. Attackers can crash device remotely without credentials by exploiting stack-based buffer overflow (CWE-121). CVSS 7.5 reflects network-accessible, low-complexity attack requiring no user interaction. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).

D-Link Buffer Overflow Stack Overflow
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50655 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed name parameter in /thd_group.asp endpoint. Improper input validation triggers stack-based buffer overflow, causing device crashes or service disruption without requiring user interaction. Attack vector is network-accessible with low complexity. No public exploit identified at time of analysis.

D-Link Buffer Overflow Stack Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50652 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed id parameter input to /saveparm_usb.asp endpoint. Exploitation requires network access to administrative interface without authentication. CWE-120 classification indicates classic buffer overflow allowing memory corruption. CVSS vector confirms network-exploitable, unauthenticated attack path with high availability impact but no data confidentiality or integrity compromise. No public exploit identified at time of analysis.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-30080 HIGH This Week

Integrity protection bypass in OpenAirInterface v2.2.0 allows unauthenticated network attackers to downgrade 5G security context by forcing acceptance of IA0-only capability during initial UE registration, despite NIA1/NIA2 being configured. Exploitation enables replay attacks against mobile network infrastructure through manipulation of Security Mode Complete messages, compromising session integrity without confidentiality impact. No public exploit identified at time of analysis.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-50647 HIGH This Week

Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed wans parameter input to the qos.asp Quality-of-Service configuration endpoint. Exploitation requires no user interaction and achieves complete availability impact against network infrastructure device. Low observed exploitation activity (EPSS 0.02%, 5th percentile); no public exploit identified at time of analysis.

D-Link Buffer Overflow
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 3 of 10 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy