CVE CyberSecurity Database News (Page 249)

Feb 12, 2025 CSRF API Exploit

CVE-2025-25743 - New Command Injection Flaw in D-Link DIR-853 A1 (FW1.20B07) – Detailed Analysis & Exploitation

In early 2025, a severe vulnerability was found in the D-Link DIR-853 A1 router, running firmware version 1.20B07. Tracked as CVE-2025-25743, this security flaw

Feb 12, 2025 RCE

CVE-2025-25742 - Stack-Based Buffer Overflow in D-Link DIR-853 A1 (FW1.20B07) via `AccountPassword` Parameter

A fresh vulnerability, CVE-2025-25742, affecting the D-Link DIR-853 A1 wireless router (firmware 1.20B07), was discovered in the wild. This exploit takes advantage of a

Feb 12, 2025

CVE-2025-25746 - D-Link DIR-853 A1 FW1.20B07 Password Buffer Overflow Demystified

A new vulnerability has surfaced in the D-Link DIR-853 A1 router, specifically firmware version 1.20B07. Labeled CVE-2025-25746, this bug is a classic stack-based buffer

Feb 12, 2025 Exploit

CVE-2025-25184 - Breaking Ruby Rack Logs via CRLF Injection in Rack::CommonLogger

A critical vulnerability identified as CVE-2025-25184 has been found in the popular Ruby web framework library, Rack. Depending on how user input is handled and

Feb 12, 2025 API Exploit OAuth

CVE-2025-0516 - Exploiting Improper Authorization in GitLab CE/EE - How Limited Users Gain Unauthorized Access to Critical Project Data

On January 18, 2025, GitLab published an advisory for CVE-2025-0516, which discloses a serious improper authorization vulnerability in both GitLab Community Edition (CE) and Enterprise