Total
3800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27942 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-03-02 | N/A | 7.5 HIGH |
| fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder. | |||||
| CVE-2026-3271 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2020-37196 | 1 Nsasoft | 1 Domain Name Search Software | 2026-02-27 | N/A | 7.5 HIGH |
| Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. | |||||
| CVE-2026-3272 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-3273 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-3274 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-3275 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2020-37212 | 1 Nsasoft | 1 Spotmsn | 2026-02-26 | N/A | 7.5 HIGH |
| SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. | |||||
| CVE-2020-37211 | 1 Nsasoft | 1 Spotim | 2026-02-26 | N/A | 7.5 HIGH |
| SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. | |||||
| CVE-2020-37210 | 1 Nsasoft | 1 Spotie | 2026-02-26 | N/A | 7.5 HIGH |
| SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. | |||||
| CVE-2020-37207 | 1 Nsasoft | 1 Spotdialup | 2026-02-26 | N/A | 7.5 HIGH |
| SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. | |||||
| CVE-2020-37206 | 1 Nsasoft | 1 Sharealarmpro | 2026-02-26 | N/A | 7.5 HIGH |
| ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field. | |||||
| CVE-2020-37197 | 1 Nsasoft | 1 Domain Name Search Software | 2026-02-26 | N/A | 7.5 HIGH |
| Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. | |||||
| CVE-2020-37199 | 1 Nsasoft | 1 Nbmonitor | 2026-02-26 | N/A | 7.5 HIGH |
| NBMonitor 1.6.6.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. | |||||
| CVE-2023-33009 | 1 Zyxel | 46 Atp100, Atp100 Firmware, Atp100w and 43 more | 2026-02-26 | N/A | 9.8 CRITICAL |
| A buffer overflow vulnerability in the notification function in Zyxel ATP series firmware versions 4.60 through 5.36 Patch 1, USG FLEX series firmware versions 4.60 through 5.36 Patch 1, USG FLEX 50(W) firmware versions 4.60 through 5.36 Patch 1, USG20(W)-VPN firmware versions 4.60 through 5.36 Patch 1, VPN series firmware versions 4.60 through 5.36 Patch 1, ZyWALL/USG series firmware versions 4.60 through 4.73 Patch 1, could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and even a remote code execution on an affected device. | |||||
| CVE-2026-2034 | 1 Santesoft | 1 Dicom Viewer Pro | 2026-02-26 | N/A | 7.8 HIGH |
| Sante DICOM Viewer Pro DCM File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DCM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28129. | |||||
| CVE-2020-37068 | 1 Konicaminolta | 1 Ftp Utility | 2026-02-25 | N/A | 9.8 CRITICAL |
| Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the LIST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code. | |||||
| CVE-2020-37069 | 1 Konicaminolta | 1 Ftp Utility | 2026-02-25 | N/A | 9.8 CRITICAL |
| Konica Minolta FTP Utility 1.0 contains a buffer overflow vulnerability in the NLST command that allows attackers to overwrite system registers. Attackers can send an oversized buffer of 1500 'A' characters to crash the FTP server and potentially execute unauthorized code. | |||||
| CVE-2023-43314 | 1 Zyxel | 2 Pmg2005-t20b, Pmg2005-t20b Firmware | 2026-02-25 | N/A | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED **The buffer overflow vulnerability in the Zyxel PMG2005-T20B firmware version V1.00(ABNK.2)b11_C0 could allow an unauthenticated attacker to cause a denial of service condition via a crafted uid. | |||||
| CVE-2026-3165 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-25 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||