Total
2539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-5214 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. Impacted is the function cgi_addgroup_get_group_quota_minsize of the file /cgi-bin/account_mgr.cgi. The manipulation of the argument Name results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | |||||
| CVE-2026-5213 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. The affected element is the function cgi_adduser_to_session of the file /cgi-bin/account_mgr.cgi. This manipulation of the argument read_list causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-5212 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This issue affects the function Webdav_Upload_File of the file /cgi-bin/webdav_mgr.cgi. The manipulation of the argument f_file leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5211 | 1 Dlink | 40 Dnr-202l, Dnr-202l Firmware, Dnr-326 and 37 more | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20260205. This vulnerability affects the function UPnP_AV_Server_Path_Del of the file /cgi-bin/app_mgr.cgi. Executing a manipulation of the argument f_dir can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. | |||||
| CVE-2026-4567 | 1 Tenda | 2 A15, A15 Firmware | 2026-04-02 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5152 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | |||||
| CVE-2026-5155 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-5204 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-5156 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-49010 | 1 Opensc Project | 1 Opensc | 2026-04-01 | N/A | 3.8 LOW |
| OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0. | |||||
| CVE-2025-66215 | 1 Opensc Project | 1 Opensc | 2026-04-01 | N/A | 3.8 LOW |
| OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow WRITE in card-oberthur. The attack requires crafted USB device or smart card that would present the system with specially crafted responses to the APDUs. This issue has been patched in version 0.27.0. | |||||
| CVE-2026-26738 | 2026-04-01 | N/A | 7.8 HIGH | ||
| Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. | |||||
| CVE-2026-4903 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-03-31 | 9.0 HIGH | 8.8 HIGH |
| A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been published and may be used. | |||||
| CVE-2026-4904 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-03-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-4905 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-03-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | |||||
| CVE-2026-4960 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2026-03-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-4906 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-03-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda AC5 15.03.06.47. The affected element is the function decodePwd of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2025-53521 | 1 F5 | 1 Big-ip Access Policy Manager | 2026-03-31 | N/A | 9.8 CRITICAL |
| When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2026-4961 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2026-03-31 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-22790 | 1 Linuxfoundation | 1 Everest | 2026-03-31 | N/A | 8.8 HIGH |
| EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch. | |||||