Total
3990 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-47404 | 1 Qualcomm | 376 215 Mobile, 215 Mobile Firmware, 5g Fixed Wireless Access and 373 more | 2026-05-06 | N/A | 6.5 MEDIUM |
| Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified. | |||||
| CVE-2026-7853 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| A weakness has been identified in D-Link DI-8100 16.07.26A1. Affected is the function sprintf of the file /auto_reboot.asp of the component HTTP Handler. This manipulation of the argument enable/time causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-7854 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| A security vulnerability has been detected in D-Link DI-8100 16.07.26A1. Affected by this vulnerability is the function url_rule_asp of the file /url_rule.asp of the component POST Parameter Handler. Such manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-7855 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in D-Link DI-8100 16.07.26A1. Affected by this issue is the function tggl_asp of the file /tggl.asp of the component HTTP Request Handler. Performing a manipulation of the argument Name results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-7856 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 8.3 HIGH | 7.2 HIGH |
| A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web Management Interface. Executing a manipulation of the argument Name can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2026-7857 | 1 Dlink | 2 Di-8100, Di-8100 Firmware | 2026-05-06 | 8.3 HIGH | 7.2 HIGH |
| A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp of the component CGI Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-34956 | 2026-05-05 | N/A | 5.9 MEDIUM | ||
| A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a Denial of Service (DoS) for the affected system. | |||||
| CVE-2026-7684 | 2026-05-05 | 9.0 HIGH | 8.8 HIGH | ||
| A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN. Such manipulation of the argument pptpDfGateway leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-7685 | 2026-05-05 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-32746 | 1 Gnu | 1 Inetutils | 2026-05-05 | N/A | 9.8 CRITICAL |
| telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full. | |||||
| CVE-2018-25306 | 1 Canonical | 1 Pdfunite | 2026-05-05 | N/A | 6.2 MEDIUM |
| PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF file to the pdfunite utility. | |||||
| CVE-2026-33446 | 1 Absolute | 1 Secure Access | 2026-05-05 | N/A | 9.8 CRITICAL |
| CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service. | |||||
| CVE-2026-20100 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2026-05-04 | N/A | 7.7 HIGH |
| A vulnerability in the LUA interperter of the Remote Access SSL VPN feature of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker with a valid VPN connection to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition. This does not affect the management or MUS interfaces. This vulnerability is due to trusting user input without validation in the LUA interprerter. An attacker could exploit this vulnerability by sending crafted HTTP packets to the Remote Access SSL VPN server. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | |||||
| CVE-2026-7674 | 2026-05-04 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-7675 | 2026-05-04 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-7717 | 2026-05-04 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument File can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-7719 | 2026-05-04 | 10.0 HIGH | 9.8 CRITICAL | ||
| A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument http_host results in buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-7748 | 2026-05-04 | 9.0 HIGH | 8.8 HIGH | ||
| A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Executing a manipulation of the argument FileName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-7750 | 2026-05-04 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument mac_address results in buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2026-7747 | 2026-05-04 | 10.0 HIGH | 9.8 CRITICAL | ||
| A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the file /cgi-bin/cstecgi.cgi of the component Parameter Handler. Performing a manipulation of the argument Password results in buffer overflow. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | |||||