CVE-2025-4841 – D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

May 17, 2025

CVE ID : CVE-2025-4841

Published : May 17, 2025, 11:15 p.m. | 1 hour, 30 minutes ago

Description : A vulnerability was found in D-Link DCS-932L 2.18.01 and classified as critical. Affected by this issue is the function sub_404780 of the file /bin/gpio. The manipulation of the argument CameraName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4843 – D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-4842 – D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

Highlights

CVE-2025-34086 – Bolt CMS Remote Code Execution Vulnerability

July 3, 2025

CVE ID : CVE-2025-34086

Published : July 3, 2025, 8:15 p.m. | 3 hours, 5 minutes ago

Description : Bolt CMS versions 3.7.0 and earlier contain a chain of vulnerabilities that together allow an authenticated user to achieve remote code execution. A user with valid credentials can inject arbitrary PHP code into the displayname field of the user profile, which is rendered unsanitized in backend templates. The attacker can then list and rename cached session files via the /async/browse/cache/.sessions and /async/folder/rename endpoints. By renaming a .session file to a path under the publicly accessible /files/ directory with a .php extension, the attacker can turn the injected code into an executable web shell. Finally, the attacker triggers the payload via a crafted HTTP GET request to the rogue file.

NOTE: The vendor announced that Bolt 3 reached end-of-life after 31 December 2021.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-4841 – D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

Added to Xbox This Week: College Football, Tony Hawk, Missile Command & More

CVE-2025-9036 – Citrix Workspace Token Replay Vulnerability

How to Troubleshoot & Debug WordPress Code With AI

Skip Amazon this Prime Day for Xbox gift cards — this retailer is giving $6 free with $60 purchase

CVE-2025-34086 – Bolt CMS Remote Code Execution Vulnerability

Representative Line: What the FFFFFFFF

CVE-2025-52812 – ApusWP Domnoo PHP Local File Inclusion Vulnerability

How I use generative AI for research in 2025

CVE-2025-4841 – D-Link DCS-932L Stack-Based Buffer Overflow Vulnerability

Related Posts