Total
3942 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-37193 | 2026-02-12 | N/A | 7.5 HIGH | ||
| ZIP Password Recovery 2.30 contains a denial of service vulnerability that allows attackers to crash the application by providing maliciously crafted input. Attackers can create a specially prepared text file with specific characters to trigger an application crash when selecting a ZIP file. | |||||
| CVE-2020-37175 | 2026-02-12 | N/A | 7.5 HIGH | ||
| P2PWIFICAM2 for iOS 10.4.1 contains a denial of service vulnerability that allows attackers to crash the application by manipulating the Camera ID input field. Attackers can paste a 257-character buffer into the Camera ID field to trigger an application crash on iOS devices. | |||||
| CVE-2020-37189 | 2026-02-12 | N/A | 7.5 HIGH | ||
| TaskCanvas 1.4.0 contains a denial of service vulnerability in the registration code input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the registration field to trigger an application crash. | |||||
| CVE-2020-37194 | 2026-02-12 | N/A | 7.5 HIGH | ||
| Backup Key Recovery 2.2.5 contains a denial of service vulnerability that allows attackers to crash the application by supplying an overly long registration key. Attackers can generate a 1000-character payload file and paste it into the registration key field to trigger an application crash. | |||||
| CVE-2020-37191 | 2026-02-12 | N/A | 7.5 HIGH | ||
| Top Password Software Dialup Password Recovery 1.30 contains a denial of service vulnerability that allows attackers to crash the application by overflowing input fields. Attackers can trigger the vulnerability by inserting a large 5000-character payload into the User Name and Registration Code input fields. | |||||
| CVE-2020-37187 | 2026-02-12 | N/A | 7.5 HIGH | ||
| SpotDialup 1.6.7 contains a denial of service vulnerability in the registration name input field that allows attackers to crash the application. Attackers can generate a 1000-character buffer payload and paste it into the 'Name' field to trigger an application crash. | |||||
| CVE-2025-52869 | 1 Qnap | 1 Qsync Central | 2026-02-12 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-52870 | 1 Qnap | 1 Qsync Central | 2026-02-12 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-52868 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-48725 | 1 Qnap | 2 Qts, Quts Hero | 2026-02-11 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: QuTS hero h5.3.2.3354 build 20251225 and later | |||||
| CVE-2025-48724 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-48723 | 1 Qnap | 1 Qsync Central | 2026-02-11 | N/A | 8.1 HIGH |
| A buffer overflow vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Qsync Central 5.0.0.4 ( 2026/01/20 ) and later | |||||
| CVE-2025-47399 | 1 Qualcomm | 28 Cologne, Cologne Firmware, Fastconnect 7800 and 25 more | 2026-02-11 | N/A | 7.8 HIGH |
| Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters. | |||||
| CVE-2026-2137 | 1 Tenda | 2 Tx3, Tx3 Firmware | 2026-02-11 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2026-2139 | 1 Tenda | 2 Tx9, Tx9 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |||||
| CVE-2026-2138 | 1 Tenda | 2 Tx9, Tx9 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used. | |||||
| CVE-2026-2140 | 1 Tenda | 2 Tx9, Tx9 Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used. | |||||
| CVE-2026-24922 | 1 Huawei | 1 Harmonyos | 2026-02-10 | N/A | 6.9 MEDIUM |
| Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2025-11653 | 1 Utt | 2 2620g, 2620g Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability was determined in UTT HiPER 2620G up to 3.1.4. Impacted is the function strcpy of the file /goform/fNTP. This manipulation of the argument NTPServerIP causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2026-2066 | 1 Utt | 2 520w, 520w Firmware | 2026-02-10 | 9.0 HIGH | 8.8 HIGH |
| A weakness has been identified in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formIpGroupConfig. Executing a manipulation of the argument groupName can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||