Total
2548 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3975 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda W3 1.0.0.3(2204). This issue affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component POST Parameter Handler. Performing a manipulation of the argument wl_radio results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-3976 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda W3 1.0.0.3(2204). Impacted is the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-4007 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda W3 1.0.0.3(2204). This vulnerability affects unknown code of the file /goform/wifiSSIDget of the component POST Parameter Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-4008 | 1 Tenda | 2 W3, W3 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda W3 1.0.0.3(2204). This issue affects some unknown processing of the file /goform/wifiSSIDset of the component POST Parameter Handler. Executing a manipulation of the argument index/GO can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | |||||
| CVE-2026-4041 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda i12 1.0.0.6(2204). Impacted is the function vos_strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-4042 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-4043 | 1 Tenda | 2 I12, I12 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2025-43374 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-02 | N/A | 4.3 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 18.5 and iPadOS 18.5, iPadOS 17.7.7, macOS Sequoia 15.5, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.5, visionOS 2.5, watchOS 11.5. An attacker in physical proximity may be able to cause an out-of-bounds read in kernel memory. | |||||
| CVE-2026-33536 | 1 Imagemagick | 1 Imagemagick | 2026-04-02 | N/A | 5.1 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms a pointer is incremented past the end of a buffer that is on the stack and that could result in an out of bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue. | |||||
| CVE-2026-5214 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_addgroup_get_group_quota_minsize of the file /cgi-bin/account_mgr.cgi. The manipulation of the argument Name results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2026-5213 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_adduser_to_session of the file /cgi-bin/account_mgr.cgi. This manipulation of the argument read_list causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-5212 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function Webdav_Upload_File of the file /cgi-bin/webdav_mgr.cgi. The manipulation of the argument f_file leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5211 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function UPnP_AV_Server_Path_Del of the file /cgi-bin/app_mgr.cgi. Executing a manipulation of the argument f_dir can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2026-4567 | 1 Tenda | 2 A15, A15 Firmware | 2026-04-02 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5152 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-5155 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-5204 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-5156 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-49010 | 1 Opensc Project | 1 Opensc | 2026-04-01 | N/A | 3.8 LOW |
| OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0. | |||||
| CVE-2025-66215 | 1 Opensc Project | 1 Opensc | 2026-04-01 | N/A | 3.8 LOW |
| OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0. | |||||