7.0
CVE-2026-31411 - net: atm: fix crash due to unvalidated vcc pointer in sigd_send()
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc pointer from msg->vcc and uses it directly without any validati…
7.5
CVE-2025-50644 - Buffer Overflow in D-Link DI-8003 Firmware via qj.asp Endpoint
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint.
7.5
CVE-2025-50648 -
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.
7.5
CVE-2025-52222 - Buffer Overflow Exploitation Allowing Denial of Service in D-Link Router Firmware
D-Link DI-8003 v16.07.26A1, DI-8500 v16.07.26A1; DI-8003G v17.12.21A1, DI-8200G v17.12.20A1, DI-8200 v16.07.26A1, DI-8400 v16.07.26A1, DI-8004w v16.07.26A1, DI-8100 v16.07.26A1, and DI-8100G v17.12.20A1 were discovered to contain a buffer overflow via the rd_en, rd_auth, rd_acct, http_hadmin, http_…
7.5
CVE-2025-50657 - Buffer Overflow in /trace.asp Endpoint of D-Link DI-8003 16.07.26A1
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.
7.5
CVE-2025-50646 - Buffer Overflow in D-Link DI-8003 /qos_type_asp.asp Endpoint
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.
7.5
CVE-2025-50666 - Buffer Overflow in D-Link DI-8003 web_post.asp Allows Remote Exploitation
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending an HTTP GET request with crafted values in parameters such as name, en, user_id, log, and time.
7.5
CVE-2025-50662 - Buffer Overflow in D-Link DI-8003 URL Group Endpoint
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
6.1
CVE-2026-4394 - Gravity Forms <= 2.9.30 - Unauthenticated Stored Cross-Site Scripting via Credit Card 'Card Type' S…
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Credit Card field's 'Card Type' sub-field (`input_<id>.4`) in all versions up to, and including, 2.9.30. This is due to the `get_value_entry_detail()` method in the `GF_Field_CreditCard` class outputting the…
4.7
CVE-2026-4406 - Gravity Forms <= 2.9.30 - Reflected Cross-Site Scripting via 'form_ids' Parameter
The Gravity Forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the `form_ids` parameter in the `gform_get_config` AJAX action in all versions up to, and including, 2.9.30. This is due to the `GFCommon::send_json()` method outputting JSON-encoded data wrapped in HTML comm…