Total
13565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3273 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-3272 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-3271 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-3169 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda F453 1.0.0.3. This impacts the function fromSafeEmailFilter of the file /goform/SafeEmailFilter of the component httpd. The manipulation of the argument page leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-3168 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromNatStaticSetting of the file /goform/NatStaticSetting of the component httpd. Executing a manipulation of the argument page can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-3167 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-3166 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-3165 | 1 Tenda | 2 F453, F453 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-3147 | 1 Libvips | 1 Libvips | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as b3ab458a25e0e261cbd1788474bbc763f7435780. It is advisable to implement a patch to correct this issue. | |||||
| CVE-2026-3145 | 1 Libvips | 1 Libvips | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue. | |||||
| CVE-2026-3137 | 1 Codeastro | 1 Food Ordering System | 2026-06-17 | 4.3 MEDIUM | 5.3 MEDIUM |
| A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-3044 | 1 Tenda | 2 Ac8, Ac8 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-3016 | 1 Utt | 2 810g, 810g Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument except leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. | |||||
| CVE-2026-3015 | 1 Utt | 2 810g, 810g Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/formPolicyRouteConf. Executing a manipulation of the argument GroupName can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-30883 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 5.7 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-16 and 6.9.13-41, an extremely large image profile could result in a heap overflow when encoding a PNG image. This vulnerability is fixed in 7.1.2-16 and 6.9.13-41. | |||||
| CVE-2026-2981 | 1 Utt | 2 810g, 810g Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in UTT HiPER 810G up to 1.7.7-1711. The affected element is the function strcpy of the file /goform/formTaskEdit_ap. The manipulation of the argument txtMin2 results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-2980 | 1 Utt | 2 810g, 810g Firmware | 2026-06-17 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in UTT HiPER 810G up to 1.7.7-1711. Impacted is the function strcpy of the file /goform/setSysAdm. The manipulation of the argument passwd1 leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2962 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DWR-M960 1.01.07. This vulnerability affects the function sub_460F30 of the file /boafrm/formDateReboot of the component Scheduled Reboot Configuration Endpoint. The manipulation of the argument submit-url results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2026-2961 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4196C4 of the file /boafrm/formVpnConfigSetup of the component VPN Configuration Endpoint. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2960 | 1 Dlink | 2 Dwr-m960, Dwr-m960 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DWR-M960 1.01.07. Affected by this issue is the function sub_468D64 of the file /boafrm/formDhcpv6s. Executing a manipulation of the argument submit-url can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. | |||||