Buffer overflow in OpenAirInterface 2.2.0 AUSF component crashes service when processing oversized NAS PDU Authentication Response via UplinkNASTransport messages. Unauthenticated remote attackers can send malformed authentication responses (e.g., 100-byte payloads exceeding expected bounds) triggering AUSF component crash, preventing legitimate user registration and verification. Affects 5G core network deployments using OpenAirInterface AUSF. No public exploit identified at time of analysis. CVSS 7.5 High severity due to network-accessible denial of service without authentication requirements.
Server-Side Request Forgery in mcp-from-openapi (<= 2.1.2) allows unauthenticated remote attackers to retrieve cloud metadata credentials, scan internal networks, and read local files by providing malicious OpenAPI specifications containing $ref pointers to internal URLs (http://169.254.169.254/) or file:// paths. The library's json-schema-ref-parser fetches referenced resources without protocol or hostname restrictions during OpenAPI document initialization, enabling AWS/GCP/Azure credential theft and arbitrary file disclosure with no privileges required beyond spec submission.
Path traversal in LORIS neuroimaging research platform (versions 20.0.0 through 27.0.2 and 28.0.0) enables unauthenticated remote attackers to download arbitrary files outside intended directories via malicious requests to static file router endpoints (/static, /css, /js). Vulnerability permits high-impact information disclosure including sensitive research data, configuration files, and potentially database credentials. No public exploit identified at time of analysis. Affects self-hosted LORIS installations across academic and clinical neuroimaging research environments.
Denial of service in GitLab CE/EE versions 13.0 through 18.10.2 allows unauthenticated remote attackers to exhaust server resources via repeated GraphQL queries. Affects all installations from version 13.0 before patched releases 18.8.9, 18.9.5, and 18.10.3. Attackers can degrade or halt GitLab service availability without authentication, impacting development workflows and CI/CD pipelines. No public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via malformed name and mem parameters submitted to the /time_group.asp endpoint. The vulnerability requires no user interaction and permits network-based exploitation with low attack complexity. No public exploit identified at time of analysis. EPSS score of 0.02% indicates low observed exploitation activity.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via crafted name parameter to /usb_paswd.asp endpoint. Stack-based buffer overflow (CWE-121) triggers memory corruption leading to service disruption. Affects network-accessible administrative interfaces without authentication barrier (CVSS AV:N/PR:N). No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via malformed routes_static parameter to /router.asp endpoint. The vulnerability permits network-accessible attackers to crash the device without credentials or user interaction. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects complete availability impact with network attack vector and low complexity.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed vlan_name parameter submitted to /shut_set.asp endpoint. Improper input validation in VLAN configuration interface permits memory corruption leading to system availability disruption. CVSS 7.5 reflects network-accessible attack requiring no user interaction or credentials. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via malformed input to the /tggl.asp endpoint. The vulnerability stems from inadequate input validation, allowing network-accessible exploitation without authentication or user interaction. Exploitation results in high-impact availability loss with no confidentiality or integrity compromise. No public exploit identified at time of analysis. EPSS score indicates low observed exploitation activity.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed input to the name parameter at /qos_type_asp.asp endpoint. Attackers can trigger service disruption without authentication or user interaction by exploiting insufficient input validation in the QoS management interface. EPSS indicates low observed exploitation activity; no public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 qj.asp endpoint enables unauthenticated remote denial-of-service attacks through malformed HTTP requests. Insufficient input validation allows attackers to trigger memory corruption, crashing the device and disrupting network services. Confidentiality and integrity remain intact per CVSS scoring, but availability impact is severe. No public exploit identified at time of analysis. EPSS indicates low observed exploitation activity.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks via crafted name parameter to /url_group.asp endpoint. Attackers can trigger stack-based buffer overflow remotely over network without user interaction, causing high availability impact through service disruption or device crash. No public exploit identified at time of analysis. CVSS 7.5 severity reflects network-accessible attack vector with low complexity.
Stack-based buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed name parameter values to the /url_member.asp endpoint. The vulnerability enables network-accessible attackers to crash the device without authentication or user interaction, disrupting availability of routing services. No public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service via malformed custom_error parameter to /user.asp endpoint. Attackers can crash device remotely without credentials by exploiting stack-based buffer overflow (CWE-121). CVSS 7.5 reflects network-accessible, low-complexity attack requiring no user interaction. No public exploit identified at time of analysis; low observed exploitation activity (EPSS 0.02%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed name parameter in /thd_group.asp endpoint. Improper input validation triggers stack-based buffer overflow, causing device crashes or service disruption without requiring user interaction. Attack vector is network-accessible with low complexity. No public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed id parameter input to /saveparm_usb.asp endpoint. Exploitation requires network access to administrative interface without authentication. CWE-120 classification indicates classic buffer overflow allowing memory corruption. CVSS vector confirms network-exploitable, unauthenticated attack path with high availability impact but no data confidentiality or integrity compromise. No public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed wans parameter input to the qos.asp Quality-of-Service configuration endpoint. Exploitation requires no user interaction and achieves complete availability impact against network infrastructure device. Low observed exploitation activity (EPSS 0.02%, 5th percentile); no public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through malformed id parameter in /thd_member.asp endpoint. Exploiting this CWE-120 flaw requires no authentication (CVSS:PR:N) and permits network-based attackers to crash device availability with low complexity. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%). Affects D-Link network infrastructure devices running vulnerable firmware version.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed pid parameter values in the /trace.asp endpoint. The vulnerability requires no user interaction and is exploitable over the network with low attack complexity, affecting network availability for enterprise routing infrastructure. No public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 allows unauthenticated remote attackers to trigger denial-of-service conditions by sending malformed http_lanport parameter values to the /webgl.asp endpoint. Network-accessible attack requires no user interaction or privileges. Exploitation causes availability impact only with no confidentiality or integrity compromise. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 via /yyxz_dlink.asp endpoint enables unauthenticated network-based denial of service attacks. Improper parameter validation allows remote attackers to crash the device or trigger service interruption without authentication, user interaction, or elevated privileges. CVSS 7.5 (High) severity reflects network accessibility and availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Buffer overflow in D-Link DI-8003 (16.07.26A1) and DI-8003G (19.12.10A1) routers enables unauthenticated remote denial-of-service through improper handling of the wan_ping parameter at the /wan_ping.asp endpoint. Network-accessible attack requires no user interaction or privileges. CVSS:3.1 score 7.5 (High) reflects availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed 's' parameter input to the /web_list_opt.asp endpoint. The vulnerability requires no user interaction and is exploitable over the network with low attack complexity. CVSS 7.5 (High) reflects network-accessible DoS impact. No public exploit identified at time of analysis; low observed exploitation activity (EPSS <1%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service via malicious iface parameter to /wan_line_detection.asp endpoint. Attack requires no user interaction and exploits improper input validation in network-accessible web management interface. CVSS 7.5 (High) severity reflects availability impact; no public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Buffer overflow in D-Link enterprise VPN router series (DI-8003, DI-8500, DI-8003G, DI-8200G, DI-8200, DI-8400, DI-8004w, DI-8100, DI-8100G) firmware versions 16.07.26A1 and 17.12.20A1/17.12.21A1 allows unauthenticated remote attackers to trigger denial of service via crafted HTTP requests exploiting rd_en, rd_auth, rd_acct, http_hadmin, http_hadminpwd, rd_key, and rd_ip parameters in radius_asp function. Attack requires no user interaction or authentication (CVSS:3.1 AV:N/AC:L/PR:N/UI:N). No public exploit identified at time of analysis.
Integrity protection bypass in OpenAirInterface v2.2.0 allows unauthenticated network attackers to downgrade 5G security context by forcing acceptance of IA0-only capability during initial UE registration, despite NIA1/NIA2 being configured. Exploitation enables replay attacks against mobile network infrastructure through manipulation of Security Mode Complete messages, compromising session integrity without confidentiality impact. No public exploit identified at time of analysis.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service attacks. Attackers can trigger memory corruption by submitting oversized 's' parameter values to the pppoe_list_opt.asp endpoint without authentication, causing device unavailability. CVSS 7.5 severity reflects network-accessible attack vector with low complexity. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Buffer overflow in D-Link DI-8300 router firmware v16.07.26A1 enables unauthenticated remote attackers to trigger denial of service conditions via malformed input to the fn parameter in tgfile_htm function. Network-accessible attack vector requires no privileges or user interaction. CVSS 7.5 (High) reflects availability impact. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS 0.02%).
Buffer overflow in D-Link DI-8300 router firmware v16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions through malformed fx parameter input to the jingx_asp function. Network-accessible exploitation requires no authentication or user interaction (CVSS AV:N/PR:N/UI:N). Impact limited to availability disruption; no data confidentiality or integrity compromise. No public exploit identified at time of analysis. EPSS 0.02% indicates low observed exploitation activity.
Buffer overflow in D-Link DI-8300 router firmware v16.07.26A1 ip_position_asp function enables unauthenticated remote attackers to trigger denial of service through crafted input to the ip parameter. Network-accessible vulnerability requires no user interaction. No public exploit identified at time of analysis. CVSS 7.5 (High) reflects unauthenticated network attack vector with complete availability impact.
Denial of service in GitLab CE/EE versions 12.10 through 18.8.8, 18.9 through 18.9.4, and 18.10 through 18.10.2 allows unauthenticated remote attackers to crash GitLab services via malformed JSON payloads. Improper input validation (CWE-1284) enables resource exhaustion attacks without authentication. CVSS 7.5 (High) reflects network-accessible attack with low complexity requiring no user interaction. No public exploit identified at time of analysis. EPSS data unavailable; not listed in CISA KEV.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service attacks through crafted HTTP GET requests to /web_keyword.asp endpoint. Attackers exploit improper input validation in name, en, time, mem_gb2312, and mem_utf8 parameters to trigger memory corruption, causing device unavailability. CVSS 7.5 (High) severity reflects network-accessible attack vector requiring no user interaction or privileges. No public exploit identified at time of analysis; low observed exploitation activity.
Stack-based buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial-of-service via malformed HTTP GET request to /user_group.asp endpoint. Attacker sends crafted name, mem, pri, or attr parameters triggering memory corruption and device crash. CVSS 7.5 High severity reflects network-accessible attack requiring no privileges or user interaction. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via crafted HTTP GET requests to /xwgl_bwr.asp endpoint. Exploitation occurs through oversized name, qq, or time parameters causing memory corruption. CVSS score 7.5 reflects high availability impact without confidentiality or integrity compromise. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS <1%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via crafted HTTP GET requests to /web_post.asp endpoint. Vulnerable parameters include name, en, user_id, log, and time fields. Attack requires no user interaction and exploits improper input validation in web management interface. CVSS 7.5 (High) severity with network-accessible attack vector. No public exploit identified at time of analysis. Low observed exploitation activity (EPSS <1%).
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote denial of service through the /xwgl_ref.asp endpoint. Attackers exploit improper input validation by sending HTTP GET requests with excessively long strings in eight parameters (name, en, user_id, shibie_name, time, act, log, rpri), causing stack buffer overflow and device crash. Low observed exploitation activity (EPSS <1%). No public exploit identified at time of analysis. Affects network-accessible management interface without authentication requirements.
Buffer overflow in D-Link DI-8003 router firmware 16.07.26A1 enables unauthenticated remote attackers to trigger denial-of-service conditions via crafted HTTP GET requests to the /url_rule.asp endpoint. Exploitation requires no user interaction and succeeds over network access with low complexity. Eight vulnerable parameters (name, en, ips, u, time, act, rpri, log) accept unbounded input causing stack memory corruption. CVSS 7.5 HIGH severity reflects network-accessible availability impact. No public exploit identified at time of analysis. EPSS 0.01% indicates low observed exploitation activity.
Denial of service in Go's crypto/x509 chain builder allows remote attackers to exhaust server resources by submitting a large number of intermediate certificates during TLS handshake or direct certificate verification. Affects crypto/x509 versions prior to 1.25.9 and 1.26.0-1.26.1. No public exploit identified at time of analysis, though SSVC assessment indicates the attack is automatable. EPSS exploitation probability is minimal (0.01%), suggesting low observed attacker interest despite the network-accessible attack surface and lack of authentication requirements.
Algorithmic complexity denial of service in Go's crypto/x509 library allows remote attackers to cause resource exhaustion via certificate chains containing excessive policy mappings. Affects Go versions <1.25.9 and 1.26.0-1.26.1. Attack requires no authentication (CVSS AV:N/PR:N) but targets only otherwise-trusted certificate chains from roots in the system or configured trust store. EPSS score 0.01% indicates minimal observed exploitation probability. No active exploitation confirmed (not in CI
Deadlock in Go's crypto/tls library (versions <1.25.9 and 1.26.0-1.26.1) allows remote unauthenticated attackers to trigger denial of service via multiple TLS 1.3 post-handshake key update messages sent in a single record. CVSS 7.5 (High) with network attack vector and low complexity, but EPSS score of 0.01% (0th percentile) indicates minimal real-world exploitation probability. Vendor-released patches available in Go 1.25.9 and 1.26.2, with no public exploit code identified at time of analysis.
Red Hat Quay's container image upload mechanism allows authenticated users with push privileges to interfere with concurrent uploads by other users across the entire registry, enabling unauthorized read, modification, or cancellation of in-progress uploads in repositories they cannot access. This cross-repository attack vector affects Red Hat Quay 3.x and Mirror Registry deployments. EPSS score of 0.03% (8th percentile) indicates low predicted exploitation probability in the wild, and CISA SSVC framework rates this as non-automatable with no known exploitation, suggesting targeted risk rather than widespread threat despite the 7.4 CVSS score.
Privilege escalation in Eclipse Jetty 9.4.0-12.1.7 allows unauthenticated remote attackers to bypass authentication via ThreadLocal variable pollution in JASPIAuthenticator. Early returns from authentication checks fail to clear ThreadLocal values, causing subsequent requests on the same thread to inherit elevated privileges. CVSS 7.4 with high complexity but no authentication required. EPSS and KEV status not provided; no public exploit identified at time of analysis. Affects all major Jetty versions from 9.x through 12.x.
Stored Cross-Site Scripting in Immich photo management platform versions prior to 2.7.0 enables authenticated attackers to execute arbitrary JavaScript when victims view malicious 360° panorama images with OCR overlay enabled. Attackers upload specially crafted equirectangular images containing malicious text that OCR extracts and the panorama viewer renders unsanitized via innerHTML. Exploitation permits session hijacking through persistent API key creation, exfiltration of private photos, GPS location history theft, and unauthorized access to facial biometric data. No public exploit identified at time of analysis.
Stack-based buffer overflow in TP-Link Archer AX53 v1.0 tmpServer module enables authenticated adjacent attackers to execute arbitrary code via malicious configuration file. Exploitation triggers segmentation fault, permits device state modification, sensitive data exposure, and integrity compromise. Affects firmware versions before 1.7.1 Build 20260213. Requires high privileges and adjacent network access. No public exploit identified at time of analysis.
Arbitrary file upload in Gerador de Certificados - DevApps plugin for WordPress (all versions ≤1.3.6) enables authenticated administrators to upload files without type validation, creating remote code execution opportunities. The vulnerability stems from missing file type validation in the moveUploadedFile() function. CVSS 7.2 (High) reflects network-accessible attack requiring high privileges; EPSS data not provided, no public exploit identified at time of analysis, not listed in CISA KEV.
Server-Side Request Forgery (SSRF) in IBM Verify Identity Access and Security Verify Access products (versions 10.0-11.0.2) allows unauthenticated remote attackers to contact internal authentication endpoints that should be protected by the Reverse Proxy component. This bypass enables attackers to interact with restricted internal services, potentially leading to unauthorized information disclosure and limited integrity impact. EPSS data not provided, but CVSS 7.2 (High) with network-accessible, low-complexity attack vector indicates moderate real-world risk. No evidence of active exploitation (not in CISA KEV) or public exploit code at time of analysis.
Privilege escalation in InvenTree inventory management system versions prior to 1.2.7 and 1.3.0 allows remote unauthenticated attackers to elevate any user account to staff level through improperly secured API endpoints. Exploitation requires no special conditions beyond network access and enables unauthorized administrative access to inventory management functions. EPSS score of 0.03% (8th percentile) indicates low observed exploitation likelihood, and SSVC assessment confirms no known exploitation with non-automatable attack requiring user account creation first.
Cache key collision in Mercure hub TopicSelectorStore enables authorization bypass through crafted topic names. Attackers can poison the match result cache by exploiting underscore-based key concatenation, causing private updates to be delivered to unauthorized subscribers or blocking legitimate deliveries. Affects Go package github.com/dunglas/mercure prior to version 0.22.0. Exploitation requires ability to subscribe to the hub or publish updates with specially crafted topic/selector combinations. No public exploit identified at time of analysis.
Memory exhaustion in MinIO S3 Select (RELEASE.2018-08-18T03-49-57Z through RELEASE.2025-12-20T04-58-37Z) allows authenticated users with s3:PutObject and s3:GetObject permissions to crash the server by uploading CSV files lacking newline characters. The vulnerable CSV reader buffers entire lines into memory without size limits, enabling attackers to trigger out-of-memory conditions. A ~2 MB compressed CSV can decompress to gigabytes without newlines, causing denial of service. No public exploit identified at time of analysis.
Cross-origin request body replay in OpenClaw's fetchWithSsrFGuard function before version 2026.3.31 enables attackers to exfiltrate sensitive request data and headers to unintended origins through redirect manipulation. The vulnerability requires user interaction and allows high confidentiality impact through unsafe request body transmission across origin boundaries. Affects unauthenticated contexts. No public exploit identified at time of analysis, with low observed exploitation activity (EPSS <1%).