Total
2769 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-6643 | 1 Asustor | 1 Data Master | 2026-06-17 | N/A | 9.9 CRITICAL |
| A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1. | |||||
| CVE-2026-6637 | 1 Postgresql | 1 Postgresql | 2026-06-17 | N/A | 8.8 HIGH |
| Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | |||||
| CVE-2026-6538 | 1 Wireshark | 1 Wireshark | 2026-06-17 | N/A | 5.5 MEDIUM |
| BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||||
| CVE-2026-6537 | 1 Wireshark | 1 Wireshark | 2026-06-17 | N/A | 5.5 MEDIUM |
| ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||||
| CVE-2026-6350 | 2026-06-17 | N/A | 9.8 CRITICAL | ||
| MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. | |||||
| CVE-2026-6240 | 2026-06-17 | N/A | N/A | ||
| A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers to overflow stack memory. Successful exploitation may result in a service crash or deadlock, leading to DoS affecting device management and monitoring functionality. | |||||
| CVE-2026-6239 | 2026-06-17 | N/A | N/A | ||
| A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processing. An authenticated attacker can send a specially crafted ONVIF request containing an excessive number of user entries to trigger memory corruption. Successful exploitation may cause the ONVIF management service to terminate unexpectedly, resulting in a denial‑of‑service (DoS) condition that disrupts device configuration and management functions. | |||||
| CVE-2026-6200 | 2026-06-17 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-6199 | 2026-06-17 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-6198 | 2026-06-17 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-6197 | 2026-06-17 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. | |||||
| CVE-2026-6196 | 2026-06-17 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2026-6194 | 2026-06-17 | 9.0 HIGH | 8.8 HIGH | ||
| A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-6168 | 2026-06-17 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in TOTOLINK A7000R up to 9.1.0u.6115. The affected element is the function setWiFiEasyGuestCfg of the file /cgi-bin/cstecgi.cgi. This manipulation of the argument ssid5g causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2026-6137 | 1 Tenda | 2 F451, F451 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was detected in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromAdvSetWan of the file /goform/AdvSetWan. The manipulation of the argument wanmode/PPPOEPassword results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be used. | |||||
| CVE-2026-6136 | 1 Tenda | 2 F451, F451 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security vulnerability has been detected in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | |||||
| CVE-2026-6135 | 1 Tenda | 2 F451, F451 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromSetIpBind of the file /goform/SetIpBind. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-6134 | 1 Tenda | 2 F451, F451 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda F451 1.0.0.7_cn_svn7958. This vulnerability affects the function fromqossetting of the file /goform/qossetting. Performing a manipulation of the argument qos results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-6133 | 1 Tenda | 2 F451, F451 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. This affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. Such manipulation of the argument page leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-6124 | 1 Tenda | 2 F451, F451 Firmware | 2026-06-17 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F451 1.0.0.7. This vulnerability affects the function fromSafeMacFilter of the file /goform/SafeMacFilter of the component httpd. Executing a manipulation of the argument page/menufacturer can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | |||||