Total
13458 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-13400 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used.
|
|||||
| CVE-2025-13120 | 1 Mruby | 1 Mruby | 2026-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is eb398971bfb43c38db3e04528b68ac9a7ce509bc. It is advisable to implement a patch to correct this issue.
|
|||||
| CVE-2025-12875 | 1 Mruby | 1 Mruby | 2026-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exec of the file mrbgems/mruby-array-ext/src/array.c. Executing a manipulation of the argument start/length can lead to out-of-bounds write. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. This patch is called 93619f06dd378db6766666b30c08978311c7ec94. It is best practice to apply a patch to resolve this issue.
|
|||||
| CVE-2025-12595 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-11527 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda AC7 15.03.06.44. The impacted element is an unknown function of the file /goform/fast_setting_pppoe_set. Executing a manipulation of the argument Password can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-11526 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda AC7 15.03.06.44. The affected element is an unknown function of the file /goform/WifiMacFilterSet. Performing a manipulation of the argument wifi_chkHz results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-11423 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function formSafeEmailFilter of the file /goform/SafeEmailFilter. Performing a manipulation of the argument page results in memory corruption. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2025-11413 | 1 Gnu | 1 Binutils | 2026-02-24 | 1.7 LOW | 3.3 LOW |
|
A vulnerability was found in GNU Binutils 2.45. Affected is the function elf_link_add_object_symbols of the file bfd/elflink.c of the component Linker. The manipulation results in out-of-bounds read. The attack needs to be approached locally. The exploit has been made public and could be used. Upgrading to version 2.46 is able to address this issue. The patch is identified as 72efdf166aa0ed72ecc69fc2349af6591a7a19c0. Upgrading the affected component is advised.
|
|||||
| CVE-2025-11389 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC15 15.03.05.18. Affected is an unknown function of the file /goform/saveAutoQos. Performing a manipulation of the argument enable results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-11326 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda AC18 15.03.05.19(6318). This affects an unknown part of the file /goform/WifiMacFilterSet. Executing a manipulation of the argument wifi_chkHz can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-11325 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC18 15.03.05.19(6318). Affected by this issue is some unknown functionality of the file /goform/fast_setting_pppoe_set. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-11301 | 1 Belkin | 2 F9k1015, F9k1015 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-11300 | 1 Belkin | 2 F9k1015, F9k1015 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-11297 | 1 Belkin | 2 F9k1015, F9k1015 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing a manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
|
|||||
| CVE-2025-11277 | 1 Assimp | 1 Assimp | 2026-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A weakness has been identified in Open Asset Import Library Assimp 6.0.2. This affects the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Executing a manipulation can lead to heap-based buffer overflow. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-15008 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in Tenda WH450 1.0.0.18. This affects an unknown part of the file /goform/L7Port of the component HTTP Request Handler. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-15006 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A weakness has been identified in Tenda WH450 1.0.0.18. Affected by this vulnerability is an unknown functionality of the file /goform/CheckTools of the component HTTP Request Handler. This manipulation of the argument ipaddress causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-14956 | 1 Webassembly | 1 Binaryen | 2026-02-24 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized. Patch name: 4f52bff8c4075b5630422f902dd92a0af2c9f398. It is recommended to apply a patch to fix this issue.
|
|||||
| CVE-2025-14879 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A weakness has been identified in Tenda WH450 1.0.0.18. Affected is an unknown function of the file /goform/onSSIDChange of the component HTTP Request Handler. This manipulation of the argument ssid_index causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-14878 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A security flaw has been discovered in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/wirelessRestart of the component HTTP Request Handler. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-14673 | 1 Gmg137 | 1 Snap7-rs | 2026-02-24 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-14672 | 1 Gmg137 | 1 Snap7-rs | 2026-02-24 | 7.5 HIGH | 7.3 HIGH |
|
A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
|
|||||
| CVE-2025-14665 | 1 Tenda | 2 Wh450, Wh450 Firmware | 2026-02-24 | 10.0 HIGH | 9.8 CRITICAL |
|
A security flaw has been discovered in Tenda WH450 1.0.0.18. Impacted is an unknown function of the file /goform/DhcpListClient of the component HTTP Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-14656 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2025-14655 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg of the component httpd. Performing a manipulation of the argument rebootTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2025-14526 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-2886 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function set_device_name of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2026-2870 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda A21 1.0.0.0. Affected by this issue is the function set_qosMib_list of the file /goform/formSetQosBand. The manipulation of the argument list results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-2871 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function fromSetIpMacBind of the file /goform/SetIpMacBind. This manipulation of the argument list causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2026-2872 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2026-2873 | 1 Tenda | 2 A21, A21 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Tenda A21 1.0.0.0. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used.
|
|||||
| CVE-2026-2876 | 1 Tenda | 2 A18, A18 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda A18 15.13.07.13. This affects the function parse_macfilter_rule of the file /goform/setBlackRule. This manipulation of the argument deviceList causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-2853 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in D-Link DWR-M960 1.01.07. This affects the function sub_462E14 of the file /boafrm/formSysLog of the component System Log Configuration Endpoint. Performing a manipulation of the argument submit-url results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2026-2854 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in D-Link DWR-M960 1.01.07. This impacts the function sub_4611CC of the file /boafrm/formNtp of the component NTP Configuration Endpoint. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2026-2855 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in D-Link DWR-M960 1.01.07. Affected is the function sub_4648F0 of the file /boafrm/formDdns of the component DDNS Settings Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2026-2856 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in D-Link DWR-M960 1.01.07. Affected by this vulnerability is the function sub_424AFC of the file /boafrm/formFilter of the component Filter Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2026-2857 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_423E00 of the file /boafrm/formPortFw of the component Port Forwarding Configuration Endpoint. This manipulation of the argument submit-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-2881 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_425FF8 of the file /boafrm/formFirewallAdv of the component Advanced Firewall Configuration Endpoint. Such manipulation of the argument submit-url leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2026-2905 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda HG9 300001138. This impacts an unknown function of the file /boaform/formWlanSetup of the component Wireless Configuration Endpoint. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2026-2906 | 1 Tenda | 2 Hg9, Hg9 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda HG9 300001138. Affected is an unknown function of the file /boaform/formSamba of the component Samba Configuration Endpoint. The manipulation of the argument sambaCap results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
|
|||||