Total
3942 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-3379 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-3380 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda F453 1.0.0.3. This issue affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-3398 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-3399 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-03 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-24108 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | N/A | 9.8 CRITICAL |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may exploit the vulnerability by controlling the value of `nptr`. When this value is passed into the `getMibPrefix` function and concatenated using `sprintf` without proper size validation, it could lead to a buffer overflow vulnerability. | |||||
| CVE-2026-24110 | 1 Tenda | 2 W20e, W20e Firmware | 2026-03-03 | N/A | 9.8 CRITICAL |
| An issue was discovered in Tenda W20E V4.0br_V15.11.0.6. Attackers may send overly long `addDhcpRules` data. When these rules enter the `addDhcpRule` function and are processed by `ret = sscanf(pRule, " %d\t%[^\t]\t%[^\n\r\t]", &dhcpsIndex, dhcpsIP, dhcpsMac);`, the lack of size validation for the rules could lead to buffer overflows in `dhcpsIndex`, `dhcpsIP`, and `dhcpsMac`. | |||||
| CVE-2026-20436 | 1 Mediatek | 8 Mt7902, Mt7920, Mt7921 and 5 more | 2026-03-03 | N/A | 6.7 MEDIUM |
| In wlan STA driver, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00473802; Issue ID: MSV-5970. | |||||
| CVE-2026-27942 | 1 Naturalintelligence | 1 Fast-xml-parser | 2026-03-02 | N/A | 7.5 HIGH |
| fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder. | |||||
| CVE-2026-3271 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda F453 1.0.0.3. This impacts the function fromP2pListFilter of the file /goform/P2pListFilterof of the component httpd. The manipulation of the argument page results in buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2020-37196 | 1 Nsasoft | 1 Domain Name Search Software | 2026-02-27 | N/A | 7.5 HIGH |
| Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash. | |||||
| CVE-2026-3272 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-3273 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-3274 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks. | |||||
| CVE-2026-3275 | 1 Tenda | 2 F453, F453 Firmware | 2026-02-27 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in Tenda F453 1.0.0.3. This affects the function fromAddressNat of the file /goform/addressNat of the component httpd. Executing a manipulation of the argument entrys can lead to buffer overflow. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | |||||
| CVE-2020-37212 | 1 Nsasoft | 1 Spotmsn | 2026-02-26 | N/A | 7.5 HIGH |
| SpotMSN 2.4.6 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. | |||||
| CVE-2020-37211 | 1 Nsasoft | 1 Spotim | 2026-02-26 | N/A | 7.5 HIGH |
| SpotIM 2.2 contains a denial of service vulnerability that allows attackers to crash the application by inputting a large buffer in the registration name field. Attackers can generate a 1000-character payload and paste it into the 'Name' field to trigger an application crash. | |||||
| CVE-2020-37210 | 1 Nsasoft | 1 Spotie | 2026-02-26 | N/A | 7.5 HIGH |
| SpotIE 2.9.5 contains a denial of service vulnerability in the registration key input that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. | |||||
| CVE-2020-37207 | 1 Nsasoft | 1 Spotdialup | 2026-02-26 | N/A | 7.5 HIGH |
| SpotDialup 1.6.7 contains a denial of service vulnerability in the registration key input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Key' field to trigger an application crash. | |||||
| CVE-2020-37206 | 1 Nsasoft | 1 Sharealarmpro | 2026-02-26 | N/A | 7.5 HIGH |
| ShareAlarmPro contains a denial of service vulnerability that allows attackers to crash the application by supplying an oversized registration key. Attackers can generate a 1000-character buffer payload to trigger an application crash when pasted into the registration key field. | |||||
| CVE-2020-37197 | 1 Nsasoft | 1 Domain Name Search Software | 2026-02-26 | N/A | 7.5 HIGH |
| Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by overflowing the 'Name' input field. Attackers can generate a 1000-character buffer payload and paste it into the registration name field to trigger an application crash. | |||||