-
ABUP IoT Cloud Platform
1. EXECUTIVE SUMMARY: CVSS v4 5.9. ATTENTION: Exploitable remotely/Low attack complexity. Vendor: ABUP. Equipment: ABUP Internet of Things (IoT) Cloud Platform. Vulnerability: Incorrect Privilege Assignment. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to access device profiles for which they are not authorized. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS…
-
ATT&CK v17: New Platform (ESXi), Collection Optimization, & More Countermeasures
By: Amy Robertson and Adam Pennington. Our goal with ATT&CK v17 is to help defenders stay aligned with where adversaries are headed by looking at where they’ve recently been. This release aims to inform defensive efforts by focusing on the platforms adversaries are exploiting, the techniques they’re adapting, and the environments they’re targeting. Enterprise now…
-
CVE-2025-5701 – HyperComments WordPress Privilege Escalation Vulnerability
CVE ID: CVE-2025-5701 | Published: June 5, 2025, 12:15 p.m. | Description: The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hc_request_handler function in all versions up to, and including, 1.2.2. This makes…
-
CVE-2025-3055 – WordPress User Frontend Pro File Deletion Vulnerability
CVE ID: CVE-2025-3055 | Published: June 5, 2025, 6:15 a.m. | Description: The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated…
-
CVE-2025-3054 – WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability
CVE ID: CVE-2025-3054 | Published: June 5, 2025, 6:15 a.m. | Description: The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated…
-
CVE-2025-1793 – AWS Run-llama SQL Injection Vulnerability
CVE ID: CVE-2025-1793 | Published: June 5, 2025, 5:15 a.m. | Description: Multiple vector store integrations in run-llama/llama_index version v0.12.21 have SQL injection vulnerabilities. These vulnerabilities allow an attacker to read and write data using SQL, potentially leading to unauthorized access to data of other users depending on the usage…
-
CVE-2025-5630 – D-Link DIR-816 Remote Stack-Based Buffer Overflow Vulnerability
CVE ID: CVE-2025-5630 | Published: June 5, 2025, 3:15 a.m. | Description: A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. This vulnerability affects unknown code of the file /goform/form2lansetup.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be initiated…
-
CVE-2025-5629 – Tenda AC10 HTTP Handler PPTP Server Buffer Overflow Vulnerability
CVE ID: CVE-2025-5629 | Published: June 5, 2025, 3:15 a.m. | Description: A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to buffer…
-
CVE-2025-5624 – D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability
CVE ID: CVE-2025-5624 | Published: June 5, 2025, 1:15 a.m. | Description: A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been declared as critical. This vulnerability affects the function QoSPortSetup of the file /goform/QoSPortSetup. The manipulation of the argument port0_group/port0_remarker/ssid0_group/ssid0_remarker leads to stack-based buffer overflow. The attack can…
-
CVE-2025-5623 – D-Link DIR-816 Stack-Based Buffer Overflow Vulnerability
CVE ID: CVE-2025-5623 | Published: June 5, 2025, 12:15 a.m. | Description: A vulnerability was found in D-Link DIR-816 1.10CNB05. It has been classified as critical. This affects the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to stack-based buffer overflow. It is possible to…