Security Vulnerabilities
An issue pertaining to CWE-400: Uncontrolled Resource Consumption was discovered in YMFE yapi v1.12.0 and allows attackers to cause a denial of service.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-09
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard52.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-09
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetWAN_Wizard534.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-09
Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formdumpeasysetup.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-09
GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF loclists data. A logic flaw in the DWARF parsing code can cause readelf to repeatedly print the same table output without making forward progress, resulting in an unbounded output loop that never terminates unless externally interrupted. A local attacker can trigger this behavior by supplying a malicious input file, causing excessive CPU and I/O usage and preventing readelf from completing its analysis.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-03-09
A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2026-03-09
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory.
This is caused by improper handling of the memory protections for the user-mode wrapped memory resource.
CVSS Score
4.4
EPSS Score
0.0
Published
2026-03-09
A flaw has been found in Tiandy Easy7 CMS Windows 7.17.0. Impacted is an unknown function of the file /Easy7/apps/WebService/GetDBData.jsp. This manipulation of the argument strTBName causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-03-09
A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used.
CVSS Score
5.3
EPSS Score
0.0
Published
2026-03-09
In AWS Auth manager, the origin of the SAML authentication has been used as provided by the client and not verified against the actual instance URL.
This allowed to gain access to different instances with potentially different access controls by reusing SAML response from other instances.
You should upgrade to 9.22.0 version of provider if you use AWS Auth Manager.
CVSS Score
5.4
EPSS Score
0.0
Published
2026-03-09