Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-25596

Summary
Assigner-VulnCheck
Assigner Org ID-83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At-22 Mar, 2026 | 13:38
Updated At-23 Mar, 2026 | 15:31
Rejected At-
Credits

SpotAuditor 5.2.6 Name Field Denial of Service

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulnCheck
Assigner Org ID:83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At:22 Mar, 2026 | 13:38
Updated At:23 Mar, 2026 | 15:31
Rejected At:
▼CVE Numbering Authority (CNA)
SpotAuditor 5.2.6 Name Field Denial of Service

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.

Affected Products
Vendor
Nsauditor
Product
SpotAuditor
Versions
Affected
  • 5.2.6
Problem Types
TypeCWE IDDescription
CWECWE-1287Improper Validation of Specified Type of Input
Type: CWE
CWE ID: CWE-1287
Description: Improper Validation of Specified Type of Input
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Victor Mondragón
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.exploit-db.com/exploits/46778
exploit
http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe
product
https://www.vulncheck.com/advisories/spotauditor-name-field-denial-of-service
third-party-advisory
Hyperlink: https://www.exploit-db.com/exploits/46778
Resource:
exploit
Hyperlink: http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe
Resource:
product
Hyperlink: https://www.vulncheck.com/advisories/spotauditor-name-field-denial-of-service
Resource:
third-party-advisory
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:disclosure@vulncheck.com
Published At:22 Mar, 2026 | 14:16
Updated At:23 Mar, 2026 | 19:51

SpotAuditor 5.2.6 contains a denial of service vulnerability in the registration dialog that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 repeated characters into the Name input during registration to trigger an application crash.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
nsasoft
nsasoft
>>spotauditor>>5.2.6
cpe:2.3:a:nsasoft:spotauditor:5.2.6:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-1287Primarydisclosure@vulncheck.com
CWE ID: CWE-1287
Type: Primary
Source: disclosure@vulncheck.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exedisclosure@vulncheck.com
Broken Link
https://www.exploit-db.com/exploits/46778disclosure@vulncheck.com
Exploit
Third Party Advisory
VDB Entry
https://www.vulncheck.com/advisories/spotauditor-name-field-denial-of-servicedisclosure@vulncheck.com
Third Party Advisory
Hyperlink: http://spotauditor.nsauditor.com/downloads/spotauditor_setup.exe
Source: disclosure@vulncheck.com
Resource:
Broken Link
Hyperlink: https://www.exploit-db.com/exploits/46778
Source: disclosure@vulncheck.com
Resource:
Exploit
Third Party Advisory
VDB Entry
Hyperlink: https://www.vulncheck.com/advisories/spotauditor-name-field-denial-of-service
Source: disclosure@vulncheck.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

8Records found
CVE-2020-37131
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.01% / 0.41%
||
7 Day CHG~0.00%
Published-05 Feb, 2026 | 16:13
Updated-26 Mar, 2026 | 18:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Product Key Explorer 4.2.2.0 - 'Key' Denial of Service

Nsauditor Product Key Explorer 4.2.2.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting a specially crafted registration key. Attackers can generate a payload of 1000 bytes of repeated characters and paste it into the 'Key' input field to trigger the application crash.

Action-Not Available
Vendor-nsasoftNsauditor
Product-product_key_explorerProduct Key Explorer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-25666
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 0.25%
||
7 Day CHG-0.01%
Published-05 Apr, 2026 | 20:45
Updated-20 Apr, 2026 | 18:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpotAuditor 3.6.7 Denial of Service Buffer Overflow

SpotAuditor 3.6.7 contains a local buffer overflow vulnerability in the Base64 Password Decoder component that allows attackers to crash the application. Attackers can supply an oversized Base64 string through the decoder interface to trigger a denial of service condition.

Action-Not Available
Vendor-nsasoftNsauditor
Product-spotauditorSpotAuditor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25597
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 0.33%
||
7 Day CHG-0.01%
Published-22 Mar, 2026 | 13:38
Updated-25 Mar, 2026 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
NSauditor 3.1.2.0 Denial of Service via Community Field

NSauditor 3.1.2.0 contains a buffer overflow vulnerability in the SNMP Auditor Community field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a large payload into the Community field and trigger the Walk function to cause a denial of service condition.

Action-Not Available
Vendor-nsasoftNsauditor
Product-nsauditorNSauditor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25712
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 0.27%
||
7 Day CHG-0.01%
Published-12 Apr, 2026 | 12:28
Updated-17 Apr, 2026 | 14:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BlueAuditor 1.7.2.0 Buffer Overflow Denial of Service via Registration Key

BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can trigger a denial of service by entering a 256-byte buffer of repeated characters in the Key registration field, causing the application to crash during registration processing.

Action-Not Available
Vendor-nsasoftNSauditor
Product-blueauditorBlueAuditor
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25334
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.7||MEDIUM
EPSS-0.02% / 5.20%
||
7 Day CHG~0.00%
Published-12 Feb, 2026 | 22:48
Updated-25 Mar, 2026 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Product Key Explorer 4.2.0.0 - 'Name' Denial of Service

Product Key Explorer 4.2.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by overflowing the registration name input field. Attackers can create a specially crafted text file with repeated characters to trigger a buffer overflow when pasted into the registration name field, causing the application to crash.

Action-Not Available
Vendor-nsasoftNsasoft
Product-product_key_explorerNsauditor Product Key Explorer
CWE ID-CWE-121
Stack-based Buffer Overflow
CVE-2019-25463
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 5.00%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 18:23
Updated-07 Apr, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SpotIE Internet Explorer Password Recovery 2.9.5 Key Field DoS

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application.

Action-Not Available
Vendor-Nsauditor
Product-SpotIE Internet Explorer Password Recovery
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-25599
Matching Score-8
Assigner-VulnCheck
ShareView Details
Matching Score-8
Assigner-VulnCheck
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.08%
||
7 Day CHG~0.00%
Published-22 Mar, 2026 | 13:38
Updated-16 Apr, 2026 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Backup Key Recovery 2.2.4 Denial of Service via Name Field

Backup Key Recovery 2.2.4 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can paste a buffer of 300 or more characters into the Name field during registration to trigger a crash when submitting the form.

Action-Not Available
Vendor-Nsauditor
Product-Backup Key Recovery
CWE ID-CWE-466
Return of Pointer Value Outside of Expected Range
CVE-2024-40682
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.2||MEDIUM
EPSS-0.02% / 5.57%
||
7 Day CHG~0.00%
Published-23 Jul, 2025 | 11:14
Updated-18 Aug, 2025 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM SmartCloud Analytics - Log Analysis denial of service

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 could allow a local user to cause a denial of service due to improper validation of specified type of input.

Action-Not Available
Vendor-IBM Corporation
Product-smartcloud_analytics_log_analysisSmartCloud Analytics Log Analysis
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
Details not found