Total
2522 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-6196 | 2026-04-22 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in Tenda F456 1.0.0.5. This affects the function fromexeCommand of the file /goform/exeCommand. Performing a manipulation of the argument cmdinput results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | |||||
| CVE-2026-6197 | 2026-04-22 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in Tenda F456 1.0.0.5. This vulnerability affects the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Executing a manipulation of the argument mit_ssid can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. | |||||
| CVE-2026-6198 | 2026-04-22 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-6200 | 2026-04-22 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-6194 | 2026-04-22 | 9.0 HIGH | 8.8 HIGH | ||
| A weakness has been identified in Totolink A3002MU B20211125.1046. Affected by this vulnerability is the function sub_410188 of the file /boafrm/formWlanSetup of the component HTTP Request Handler. This manipulation of the argument wan-url causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2026-6199 | 2026-04-22 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. | |||||
| CVE-2017-20230 | 1 Nwclark | 1 Storable | 2026-04-22 | N/A | 10.0 CRITICAL |
| Storable versions before 3.05 for Perl has a stack overflow. The retrieve_hook function stored the length of the class name into a signed integer but in read operations treated the length as unsigned. This allowed an attacker to craft data that could trigger the overflow. | |||||
| CVE-2026-32955 | 1 Silextechnology | 3 Amc Manager, Sd-330ac, Sd-330ac Firmware | 2026-04-22 | N/A | 8.8 HIGH |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. | |||||
| CVE-2025-50664 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of parameters in the /user_group.asp endpoint. The attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, mem, pri, and attr. | |||||
| CVE-2025-50663 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | |||||
| CVE-2025-50662 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_group.asp endpoint. | |||||
| CVE-2025-50661 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log. | |||||
| CVE-2025-50660 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | |||||
| CVE-2025-50659 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the custom_error parameter in the /user.asp endpoint. | |||||
| CVE-2025-50657 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the pid parameter in the /trace.asp endpoint. | |||||
| CVE-2025-50655 | 1 Dlink | 2 Di-8003, Di-8003 Firmware | 2026-04-22 | N/A | 7.5 HIGH |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | |||||
| CVE-2026-6643 | 1 Asustor | 1 Data Master | 2026-04-22 | N/A | 9.9 CRITICAL |
| A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1. | |||||
| CVE-2013-2597 | 1 Codeaurora | 1 Android-msm | 2026-04-22 | 7.2 HIGH | 8.4 HIGH |
| Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument. | |||||
| CVE-2009-0927 | 1 Adobe | 1 Acrobat Reader | 2026-04-22 | 9.3 HIGH | 8.8 HIGH |
| Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658. | |||||
| CVE-2025-9820 | 2026-04-22 | N/A | 4.0 MEDIUM | ||
| A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks. | |||||