Search Results (80921 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-0562 2 Lollms, Parisneo 2 Lollms, Parisneo/lollms 2026-04-22 8.3 High
A critical security vulnerability in parisneo/lollms versions up to 2.2.0 allows any authenticated user to accept or reject friend requests belonging to other users. The `respond_request()` function in `backend/routers/friends.py` does not implement proper authorization checks, enabling Insecure Direct Object Reference (IDOR) attacks. Specifically, the `/api/friends/requests/{friendship_id}` endpoint fails to verify whether the authenticated user is part of the friendship or the intended recipient of the request. This vulnerability can lead to unauthorized access, privacy violations, and potential social engineering attacks. The issue has been addressed in version 2.2.0.
CVE-2025-50666 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /web_post.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request in parameters such as name, en, user_id, log, and time.
CVE-2025-50665 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of input parameters in the /web_keyword.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request via the name, en, time, mem_gb2312, and mem_utf8 parameters.
CVE-2025-50664 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr.
CVE-2025-50663 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint.
CVE-2025-50662 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint.
CVE-2025-50661 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log.
CVE-2025-50660 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint.
CVE-2025-50659 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint.
CVE-2025-50657 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint.
CVE-2025-50655 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint.
CVE-2025-50654 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of the id parameter in the /thd_member.asp endpoint.
CVE-2025-50653 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint.
CVE-2025-50652 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparm_usb.asp endpoint.
CVE-2025-50650 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate validation of input size in the routes_static parameter in the /router.asp endpoint.
CVE-2025-50649 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper input validation in the vlan_name parameter in the /shut_set.asp endpoint.
CVE-2025-50648 2 D-link, Dlink 3 Di-8003, Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint.
CVE-2025-50647 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint.
CVE-2025-50646 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to insufficient input validation on the name parameter in the /qos_type_asp.asp endpoint.
CVE-2025-50645 1 Dlink 2 Di-8003, Di-8003 Firmware 2026-04-22 7.5 High
A vulnerability has been discovered in D-Link DI-8003 16.07.26A1, which can lead to a buffer overflow when the s parameter in the pppoe_list_opt.asp endpoint is manipulated. By sending a crafted request with an excessively large value for the s parameter, an attacker can trigger a buffer overflow condition.