Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3613 | 2026-03-06 | 8.3 HIGH | 7.2 HIGH | ||
|
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
|
|||||
| CVE-2026-3382 | 1 Chaiscript | 1 Chaiscript | 2026-03-05 | 1.7 LOW | 3.3 LOW |
|
A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Performing a manipulation results in memory corruption. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3606 | 2026-03-05 | 1.7 LOW | 3.3 LOW | ||
|
A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component etterfilter. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3437 | 1 Portwell | 1 Engineering Toolkits | 2026-03-05 | N/A | 7.8 HIGH |
|
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Portwell Engineering Toolkits version 4.8.2 could allow a local authenticated attacker to read and write to arbitrary memory via the Portwell Engineering Toolkits driver. Successful exploitation of this vulnerability could result in escalation of privileges or cause a denial-of-service condition.
|
|||||
| CVE-2026-20024 | 2026-03-05 | N/A | 6.8 MEDIUM | ||
|
A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an authenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. To exploit this vulnerability, the attacker must have the OSPF secret key.
This vulnerability is due to heap corruption in OSPF when parsing packets. An attacker could exploit this vulnerability by sending crafted packets to the OSPF service. A successful exploi ...
Show More |
|||||
| CVE-2026-3386 | 1 Wren | 1 Wren | 2026-03-05 | 1.7 LOW | 3.3 LOW |
|
A flaw has been found in wren-lang wren up to 0.4.0. Affected by this vulnerability is the function emitOp of the file src/vm/wren_compiler.c. This manipulation causes out-of-bounds read. It is possible to launch the attack on the local host. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3390 | 1 Lily-lang | 1 Lily | 2026-03-05 | 1.7 LOW | 3.3 LOW |
|
A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3394 | 1 Solhsa | 1 Soloud | 2026-03-05 | 1.7 LOW | 3.3 LOW |
|
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local position. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3391 | 1 Lily-lang | 1 Lily | 2026-03-04 | 1.7 LOW | 3.3 LOW |
|
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2025-12345 | 2026-03-03 | 9.0 HIGH | 8.8 HIGH | ||
|
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. A patch should be applied to remediate this issue.
|
|||||
| CVE-2026-3463 | 2026-03-03 | 1.7 LOW | 3.3 LOW | ||
|
A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::binary_writer::append of the file source/detail/binary.hpp of the component Compound Document Parser. This manipulation causes heap-based buffer overflow. The attack can only be executed locally. The exploit has been made available to the public and could be used for attacks. Patch name: 147. It is suggested to install a patch to address this issue.
|
|||||
| CVE-2026-3400 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-3376 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument page leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2026-3377 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2026-3378 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2026-3379 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2026-3380 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2026-3398 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-3399 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2017-5225 | 1 Libtiff | 1 Libtiff | 2026-03-02 | 7.5 HIGH | 8.8 HIGH |
|
LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the tools/tiffcp resulting in DoS or code execution via a crafted BitsPerSample value.
|
|||||
| CVE-2026-3393 | 2026-03-02 | 1.7 LOW | 3.3 LOW | ||
|
A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3407 | 2026-03-02 | 1.7 LOW | 3.3 LOW | ||
|
A vulnerability was determined in YosysHQ yosys up to 0.62. This affects the function Yosys::RTLIL::Const::set of the file kernel/rtlil.h of the component BLIF File Parser. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Applying a patch is the recommended action to fix this issue. It appears that the issue is not reproducible all the time.
|
|||||
| CVE-2026-3281 | 1 Libvips | 1 Libvips | 2026-03-02 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue.
|
|||||
| CVE-2026-3282 | 1 Libvips | 1 Libvips | 2026-03-02 | 1.7 LOW | 3.3 LOW |
|
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called 7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91. A patch should be applied to remediate this issue.
|
|||||
| CVE-2026-3283 | 1 Libvips | 1 Libvips | 2026-03-02 | 1.7 LOW | 3.3 LOW |
|
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. To fix this issue, it is recommended to deploy a patch.
|
|||||
| CVE-2026-3285 | 1 Berry-lang | 1 Berry | 2026-03-02 | 1.7 LOW | 3.3 LOW |
|
A vulnerability was determined in berry-lang berry up to 1.1.0. The affected element is the function scan_string of the file src/be_lexer.c. This manipulation causes out-of-bounds read. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Patch name: 7149c59a39ba44feca261b12f06089f265fec176. Applying a patch is the recommended action to fix this issue.
|
|||||
| CVE-2026-2705 | 1 Openbabel | 1 Open Babel | 2026-03-01 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A patch should be applied to remediate this issue. The project was informed of the problem early thro ...
Show More |
|||||
| CVE-2026-2704 | 1 Openbabel | 1 Open Babel | 2026-03-01 | 5.0 MEDIUM | 4.3 MEDIUM |
|
A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The identifier of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is suggested to install a patch to address this issue ...
Show More |
|||||
| CVE-2026-2788 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-28 | N/A | 9.8 CRITICAL |
|
Incorrect boundary conditions in the Audio/Video: GMP component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
|
|||||
| CVE-2026-2779 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-28 | N/A | 9.8 CRITICAL |
|
Incorrect boundary conditions in the Networking: JAR component. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
|
|||||
| CVE-2026-2778 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-28 | N/A | 10.0 CRITICAL |
|
Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
|
|||||
| CVE-2026-2776 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-28 | N/A | 10.0 CRITICAL |
|
Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
|
|||||
| CVE-2026-2773 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-28 | N/A | 9.8 CRITICAL |
|
Incorrect boundary conditions in the Web Audio component. This vulnerability affects Firefox < 148, Firefox ESR < 115.33, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.
|
|||||
| CVE-2026-1979 | 1 Mruby | 1 Mruby | 2026-02-28 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A flaw has been found in mruby up to 3.4.0. This affects the function mrb_vm_exec of the file src/vm.c of the component JMPNOT-to-JMPIF Optimization. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called e50f15c1c6e131fa7934355eb02b8173b13df415. It is advisable to implement a patch to correct this issue.
|
|||||
| CVE-2026-3271 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-15570 | 1 Ckolivas | 1 Lrzip | 2026-02-27 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
|
|||||
| CVE-2026-3272 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-3273 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2026-3274 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-3275 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
|
|||||