Total
3900 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24103 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-03-05 | N/A | 9.8 CRITICAL |
|
A buffer overflow vulnerability was discovered in goform/formSetMacFilterCfg in Tenda AC15V1.0 V15.03.05.18_multi.
|
|||||
| CVE-2026-20100 | | | 2026-03-05 | N/A | 7.7 HIGH |
|
A vulnerability in the LUA interpreter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces.
This vulnerability is due to trusting user input without validation in the LUA i ...
|
|||||
| CVE-2025-46108 | | | 2026-03-05 | N/A | 9.8 CRITICAL |
|
D-link Dir-513 A1FW110 is vulnerable to Buffer Overflow in the function formTcpipSetup.
|
|||||
| CVE-2026-24113 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-05 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
|
|||||
| CVE-2026-24111 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-05 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addAuthUser` function and processed by `sscanf` without size validation, it could lead to buffer overflow.
|
|||||
| CVE-2026-24109 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-05 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `picName`. When this value is used in `sprintf` without validating variable sizes, it could lead to a buffer overflow vulnerability.
|
|||||
| CVE-2025-28164 | 1 Libpng | 1 Libpng | 2026-03-04 | N/A | 5.5 MEDIUM |
|
Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
|
|||||
| CVE-2025-12345 | | | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in LLM-Claw 0.1.0/0.1.1/0.1.1a/0.1.1a-p1. The affected element is the function agent_deploy_init of the file /agents/deploy/initiate.c of the component Agent Deployment. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. A patch should be applied to remediate this issue.
|
|||||
| CVE-2026-24115 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate the sizes of `gstup` and `gstdwn` before concatenating them into `gstruleQos` may lead to buffer overflow.
|
|||||
| CVE-2026-24114 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Failure to validate `pPortMapIndex` may lead to buffer overflows when using `strcpy`.
|
|||||
| CVE-2026-24112 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by specifying the value of `userInfo`. When `userInfo` is passed into the `addWewifiWhiteUser` function and processed by `sscanf` without size validation, it could lead to a buffer overflow vulnerability.
|
|||||
| CVE-2026-3376 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A security vulnerability has been detected in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromSafeMacFilter of the file /goform/SafeMacFilter. Such manipulation of the argument page leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2026-3377 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was detected in Tenda F453 1.0.0.3. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used.
|
|||||
| CVE-2026-3378 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromqossetting of the file /goform/qossetting. Executing a manipulation of the argument qos can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
|
|||||
| CVE-2026-3379 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2026-3380 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2026-3398 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-3399 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2026-24108 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability.
|
|||||
| CVE-2026-24110 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | N/A | 9.8 CRITICAL |
|
An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`.
|
|||||
| CVE-2026-20436 | 1 Mediatek | 8 Mt7902, Mt7920, Mt7921 and 5 more | 2026-03-03 | N/A | 6.7 MEDIUM |
|
In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970.
|
|||||
| CVE-2026-27942 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-03-02 | N/A | 7.5 HIGH |
|
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with a stack overflow when a user uses the XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use the XML builder with `preserveOrder:false` or check the input data before passing it to the builder.
|
|||||
| CVE-2026-3271 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used.
|
|||||
| CVE-2020-37196 | 1 Nsasoft | 1 Domain Name Search Software | 2026-02-27 | N/A | 7.5 HIGH |
|
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
|
|||||
| CVE-2026-3272 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2026-3273 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2026-3274 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack can be carried out remotely. The exploit has been released to the public and may be used for attacks.
|
|||||
| CVE-2026-3275 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
|
A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed remotely. The exploit has been made available to the public and could be used for attacks.
|
|||||
| CVE-2020-37212 | 1 Nsasoft | 1 Spotmsn | 2026-02-26 | N/A | 7.5 HIGH |
|
SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
|
|||||
| CVE-2020-37211 | 1 Nsasoft | 1 Spotim | 2026-02-26 | N/A | 7.5 HIGH |
|
SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash.
|
|||||
| CVE-2020-37210 | 1 Nsasoft | 1 Spotie | 2026-02-26 | N/A | 7.5 HIGH |
|
SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
|
|||||
| CVE-2020-37207 | 1 Nsasoft | 1 Spotdialup | 2026-02-26 | N/A | 7.5 HIGH |
|
SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
|
|||||
| CVE-2020-37206 | 1 Nsasoft | 1 Sharealarmpro | 2026-02-26 | N/A | 7.5 HIGH |
|
ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field.
|
|||||
| CVE-2020-37197 | 1 Nsasoft | 1 Domain Name Search Software | 2026-02-26 | N/A | 7.5 HIGH |
|
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash.
|
|||||
| CVE-2020-37199 | 1 Nsasoft | 1 Nbmonitor | 2026-02-26 | N/A | 7.5 HIGH |
|
NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash.
|
|||||
| CVE-2025-55131 | | | 2026-02-26 | N/A | 7.1 HIGH |
|
A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the timeout option. Under specific timing conditions, buffers allocated with `Buffer.alloc` and other `TypedArray` instances like `Uint8Array` may contain leftover data from previous operations, allowing in-process secrets like tokens or passwords to leak or causing data corruption. While exploitation typically requires precise timing or in-process code ex ...
|
|||||
| CVE-2025-14911 | | | 2026-02-26 | N/A | 6.5 MEDIUM |
|
User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.
|
|||||
| CVE-2023-33009 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2026-02-26 | N/A | 9.8 CRITICAL |
|
A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) con ...
|
|||||
| CVE-2026-2034 | 1 Santesoft | 1 Dicom Viewer Pro | 2026-02-26 | N/A | 7.8 HIGH |
|
Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior ...
|
|||||
| CVE-2025-69674 | | | 2026-02-25 | N/A | 6.4 MEDIUM |
|
Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config and domiainblk_config modules.
|
|||||