Threat and Vulnerability Intelligence Database

CVE-2025-2621

Description: A vulnerability was found in D-Link DAP-1620 1.03 and classified as critical. This issue affects the function check_dws_cookie of the file /storage. The manipulation of the argument uid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: CRITICAL (9.3)

EPSS Score: 0.19%

Source: CVE
March 22nd, 2025 (29 days ago)

CVE-2025-2620

Description: A vulnerability has been found in D-Link DAP-1620 1.03 and classified as critical. This vulnerability affects the function mod_graph_auth_uri_handler of the file /storage of the component Authentication Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: CRITICAL (9.3)

EPSS Score: 9.7%

Source: CVE
March 22nd, 2025 (29 days ago)

CVE-2025-2619

Description: A vulnerability, which was classified as critical, was found in D-Link DAP-1620 1.03. This affects the function check_dws_cookie of the file /storage of the component Cookie Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: CRITICAL (9.3)

EPSS Score: 0.19%

Source: CVE
March 22nd, 2025 (29 days ago)

CVE-2025-2618

Description: A vulnerability, which was classified as critical, has been found in D-Link DAP-1620 1.03. Affected by this issue is the function set_ws_action of the file /dws/api/ of the component Path Handler. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: CRITICAL (9.3)

EPSS Score: 0.19%

Source: CVE
March 22nd, 2025 (29 days ago)

CVE-2025-30472

Description: Corosync through 3.1.9, if encryption is disabled or the attacker knows the encryption key, has a stack-based buffer overflow in orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.

CVSS: CRITICAL (9.0)

EPSS Score: 0.05%

Source: CVE
March 22nd, 2025 (29 days ago)

CVE-2025-29814

Description: Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.

CVSS: CRITICAL (9.3)

EPSS Score: 0.15%

SSVC Exploitation: none

Source: CVE
March 21st, 2025 (30 days ago)

Description:

Impact: It is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware.

Patches: For Next.js 15.x, this issue is fixed in 15.2.3. For Next.js 14.x, this issue is fixed in 14.2.25. For Next.js versions 11.1.4 through 13.5.6, consult the workaround below.

Workaround: If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application.

Credits: Allam Rachid (zhero;), Allam Yasser (inzo_)

References:
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
https://github.com/vercel/next.js/commit/52a078da3884efe6501613c7834a3d02a91676d2
https://github.com/vercel/next.js/commit/5fd3ae8f8542677c6294f32d18022731eab6fe48
https://nvd.nist.gov/vuln/detail/CVE-2025-29927
https://github.com/advisories/GHSA-f82v-jwr5-mffw

CVSS: CRITICAL (9.1)

EPSS Score: 91.42%

Source: Github Advisory Database (NPM)
March 21st, 2025 (30 days ago)

Description: A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 via the /api/v2/models/install API. The vulnerability arises from unsafe deserialization of model files using torch.load without proper validation. Attackers can exploit this by embedding malicious code in model files, which is executed upon loading. This issue is fixed in version 5.4.3.

References:
https://nvd.nist.gov/vuln/detail/CVE-2024-12029
https://github.com/invoke-ai/invokeai/commit/756008dc5899081c5aa51e5bd8f24c1b3975a59e
https://github.com/pypa/advisory-database/tree/main/vulns/invokeai/PYSEC-2025-9.yaml
https://huntr.com/bounties/9b790f94-1b1b-4071-bc27-78445d1a87a3
https://github.com/advisories/GHSA-mcrp-whpw-jp68

CVSS: CRITICAL (9.8)

EPSS Score: 45.95%

Source: Github Advisory Database (PIP)
March 21st, 2025 (30 days ago)

CVE-2025-29927

Description: Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.

CVSS: CRITICAL (9.1)

EPSS Score: 91.42%

Source: CVE
March 21st, 2025 (30 days ago)

CVE-2024-10443

Description: Improper neutralization of special elements used in a command ('Command Injection') vulnerability in Task Manager component in Synology BeePhotos before 1.0.2-10026 and 1.1.0-10053 and Synology Photos before 1.6.2-0720 and 1.7.0-0795 allows remote attackers to execute arbitrary code via unspecified vectors.

CVSS: CRITICAL (9.8)

EPSS Score: 1.84%

SSVC Exploitation: none

Source: CVE
March 21st, 2025 (about 1 month ago)