Total
2539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4975 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2026-04-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5004 | 1 Wavlink | 2 Wl-wn579x3-c, Wl-wn579x3-c Firmware | 2026-04-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Wavlink WL-WN579X3-C 231124. This impacts the function sub_4019FC of the file /cgi-bin/firewall.cgi of the component UPNP Handler. Executing a manipulation of the argument UpnpEnabled can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-15608 | 1 Tp-link | 2 Archer Ax53, Archer Ax53 Firmware | 2026-04-02 | N/A | 9.8 CRITICAL |
| This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through complex heap-spray techniques. Successful exploitation may result in repeated service unavailability and, in certain scenarios, allow an attacker to gain control of the device. | |||||
| CVE-2026-4553 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F453 1.0.0.3. Impacted is the function fromNatlimit of the file /goform/Natlimit of the component Parameters Handler. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-4552 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F453 1.0.0.3. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component Parameters Handler. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-4551 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component Parameters Handler. Performing a manipulation of the argument menufacturer/Go results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2025-55095 | 1 Eclipse | 1 Threadx Usbx | 2026-04-02 | N/A | 4.2 MEDIUM |
| The function _ux_host_class_storage_media_mount() is responsible for mounting partitions on a USB mass storage device. When it encounters an extended partition entry in the partition table, it recursively calls itself to mount the next logical partition. This recursion occurs in _ux_host_class_storage_partition_read(), which parses up to four partition entries. If an extended partition is found (with type UX_HOST_CLASS_STORAGE_PARTITION_EXTENDED or EXTENDED_LBA_MAPPED), the code invokes: _ux_host_class_storage_media_mount(storage, sector + _ux_utility_long_get(...)); There is no limit on the recursion depth or tracking of visited sectors. As a result, a malicious or malformed disk image can include cyclic or excessively deep chains of extended partitions, causing the function to recurse until stack overflow occurs. | |||||
| CVE-2026-3970 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | |||||
| CVE-2026-3971 | 1 Tenda | 2 I3, I3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-3973 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-3974 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. The exploit is publicly available and might be used. | |||||
| CVE-2026-3975 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-3976 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-4007 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-4008 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2026-4041 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-4042 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-4043 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-43374 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 4.3 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory. | |||||
| CVE-2026-33536 | 1 Imagemagick | 1 Imagemagick | 2026-04-02 | N/A | 5.1 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue. | |||||