Total
13586 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-4976 | 2026-03-30 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Totolink LR350 9.3.5u.6369_B20220309. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-4975 | 2026-03-30 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-5037 | 2026-03-30 | 1.7 LOW | 3.3 LOW | ||
| A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue. | |||||
| CVE-2026-20698 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-26 | N/A | 7.8 HIGH |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2026-4710 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-03-26 | N/A | 9.8 CRITICAL |
| Incorrect boundary conditions in the Audio/Video component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-20657 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-03-26 | N/A | 6.5 MEDIUM |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5. Parsing a maliciously crafted file may lead to an unexpected app termination. | |||||
| CVE-2026-4719 | 1 Mozilla | 1 Firefox | 2026-03-25 | N/A | 7.5 HIGH |
| Incorrect boundary conditions in the Graphics: Text component. This vulnerability affects Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9. | |||||
| CVE-2026-20700 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2026-03-25 | N/A | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An attacker with memory write capability may be able to execute arbitrary code. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26. CVE-2025-14174 and CVE-2025-43529 were also issued in response to this report. | |||||
| CVE-2026-4493 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-4488 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-4490 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | |||||
| CVE-2026-4489 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. | |||||
| CVE-2026-4491 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-4487 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-4486 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in D-Link DIR-513 1.10. This affects the function formEasySetPassword of the file /goform/formEasySetPassword of the component Web Service. The manipulation of the argument curTime results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2026-4492 | 2026-03-24 | 9.0 HIGH | 8.8 HIGH | ||
| A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-33849 | 2026-03-24 | N/A | 8.8 HIGH | ||
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | |||||
| CVE-2026-33851 | 2026-03-24 | N/A | 7.8 HIGH | ||
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in joncampbell123 doslib.This issue affects doslib: before doslib-20250729. | |||||
| CVE-2026-4734 | 2026-03-24 | N/A | N/A | ||
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in yoyofr modizer (libs/libopenmpt/openmpt-trunk/include/premake/contrib/curl/lib modules). This vulnerability is associated with program files imap.C. This issue affects modizer: before v4.3. | |||||
| CVE-2026-4738 | 2026-03-24 | N/A | N/A | ||
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0. | |||||