CVE-2025-70246
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formVirtualServ...
CVE-2025-70242
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formSetWanPPTP...
CVE-2026-24317
SAP GUI for Windows allows DLL files to be loaded from arbitrary directories within the application. An unauthenticated attacker could exploit this vulnerability by persuading a victim to place a malicious DLL within one of these directories. The malicious command is executed in the victim user's...
Malicious Package
Overview: gamma-api-provider is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
CVE-2026-3884
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin function, which allows the creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...
CVE-2026-3826
creationtimestamp| type| source
---|---|---
2026-03-11 05:48:00+00:00| seen| https://www.twcert.org.tw/en/cp-139-10756-73f66-2.html
2026-03-11 07:32:46+00:00| seen| https://infosec.exchange/users/offseq/statuses/116209375951940410
2026-03-22 06:33:04+00:00| seen|...
EUVD-2026-11106
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin function, which allows the creation of more than 1 alert for each 'target' element. An attacker would need to set an arbitrary key-value pair on Object.prototype through a crafted URL achieving a...
GHSA-J443-WCQQ-XPRH
creationtimestamp| type| source
---|---|---
2026-03-11 04:40:05+00:00| seen| https://gist.github.com/alon710/beef884f648182154845d222b09c6d82...
CVE-2026-27220
creationtimestamp| type| source
---|---|---
2026-03-11 03:00:18+00:00| seen| https://helpx.adobe.com/security/products/acrobat/apsb26-26.html
2026-03-17 13:34:39+00:00| seen| https://bsky.app/profile/getpokemon7.bsky.social/post/3mhb3msqqvs22...
CVE-2026-23813
creationtimestamp| type| source
---|---|---
2026-03-11 03:00:15+00:00| seen| https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05027enus&docLocale=enUS
2026-03-11 03:00:21+00:00| seen|...
PT-2026-24824
Copyparty is a portable file server. Prior to 1.20.12, if an attacker has been given both read- and write-permissions to the server, they can upload a malicious file with the filename .prologue.html and then craft a link to potentially execute arbitrary JavaScript in the victim's context. Note th...
Asseco SEE Live security vulnerability
Asseco SEE Live is a real-time customer interaction and notification management system for financial services offered by the Polish company Asseco. Version 2.0 of Asseco SEE Live contains a security vulnerability. This vulnerability stems from improper access control in the Contact Plan, E-Mail,...
Himmelblau link following vulnerability
Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions prior to Himmelblau 3.1.0 and 2.3.8 had a post-link vulnerability, which was due to insufficient protection for symbolic links, potentially allowing local privilege escalation...
PT-2026-24908
D-Link DIR-513 formEasySetupWizard3 stack-based overflow
CVE: CVE-2026-3978
Vendor: D-Link
Product: DIR-513
CVSS: 8.7
Credits: LtzHust2 (VulDB User)
Description: A vulnerability was detected in D-Link DIR-513 1.10. The impacted element is an unknown function of the file /goform/formEasySetupWizard3...
PT-2026-24820
Summary: The POST /studiocms api/dashboard/create-reset-link endpoint allows any authenticated user with admin privileges to generate a password reset token for any other user, including the owner account. The handler verifies that the caller is an admin but does not enforce role hierarchy, nor do...
CVE-2025-66956
CVE-2025-66956 affects Asseco SEE Live 2.0’s Contact Plan, E-Mail, SMS and Fax components. Insecure access control permits remote attackers to access and execute attachments via a computable URL. Root cause is described as improper authorization checks in these components; the impact is remote ac...
GHSA-QMW5-2P58-XVRC
creationtimestamp| type| source
---|---|---
2026-03-10 21:40:05+00:00| seen| https://gist.github.com/alon710/c10cdbd73c5cbd65710762162e90e072...
EUVD-2025-208536
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup...
EUVD-2025-208537
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the webPage parameter to goform/formWlanSetup...
EUVD-2025-208524
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWizard1...