Total
3800 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-12236 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-12233 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Executing a manipulation of the argument page can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2025-12232 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Performing a manipulation of the argument page results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2025-15218 | 1 Tenda | 2 Ac10u, Ac10u Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-15217 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely. | |||||
| CVE-2025-13400 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Affected is the function formWrlExtraGet of the file /goform/WrlExtraGet. Performing a manipulation of the argument chkHz results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may be used. | |||||
| CVE-2025-12595 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC23 16.03.07.52. This impacts the function formSetVirtualSer of the file /goform/SetVirtualServerCfg. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-11301 | 1 Belkin | 2 F9k1015, F9k1015 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Belkin F9K1015 1.00.10. This affects an unknown function of the file /goform/formWlanSetupWPS. This manipulation of the argument webpage causes buffer overflow. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11300 | 1 Belkin | 2 F9k1015, F9k1015 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Belkin F9K1015 1.00.10. The impacted element is an unknown function of the file /goform/formWlanMP. The manipulation of the argument ateFunc results in buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-11297 | 1 Belkin | 2 F9k1015, F9k1015 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Belkin F9K1015 1.00.10. This issue affects some unknown processing of the file /goform/formSetLanguage. Performing a manipulation of the argument webpage results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-14656 | 1 Tenda | 2 Ac20, Ac20 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda AC20 16.03.08.12. This affects the function httpd of the file /goform/openSchedWifi. Executing a manipulation of the argument schedStartTime/schedEndTime can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2025-14526 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-02-24 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing a manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-2911 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda FH451 up to 1.0.0.9. This issue affects some unknown processing of the file /goform/GstDhcpSetSer. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-69807 | 1 P2r3 | 1 Bareiron | 2026-02-23 | N/A | 7.5 HIGH |
| p2r3 Bareiron commit: 8e4d4020d is vulnerable to Buffer Overflow, which allows unauthenticated remote attackers to cause a denial of service via a packet sent to the server. | |||||
| CVE-2025-15431 | 1 Utt | 2 512w, 512w Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in UTT 进取 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15430 | 1 Utt | 2 512w, 512w Firmware | 2026-02-23 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in UTT 进取 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing a manipulation of the argument oldfilename results in buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-33130 | 1 Ibm | 1 Db2 Merge Backup | 2026-02-20 | N/A | 6.5 MEDIUM |
| IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack. | |||||
| CVE-2020-37204 | 1 Nsasoft | 1 Remshutdown | 2026-02-20 | N/A | 7.5 HIGH |
| RemShutdown 2.9.0.0 contains a denial of service vulnerability in its registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. | |||||
| CVE-2020-37205 | 1 Nsasoft | 1 Remshutdown | 2026-02-20 | N/A | 7.5 HIGH |
| RemShutdown 2.9.0.0 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' registration field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. | |||||
| CVE-2020-37209 | 1 Nsasoft | 1 Spotftp | 2026-02-20 | N/A | 7.5 HIGH |
| SpotFTP 3.0.0.0 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. | |||||