Export limit exceeded: 343793 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3493 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4960 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4747 | 1 Freebsd | 1 Freebsd | 2026-04-02 | 8.8 High |
| Each RPCSEC_GSS data packet is validated by a routine which checks a signature in the packet. This routine copies a portion of the packet into a stack buffer, but fails to ensure that the buffer is sufficiently large, and a malicious client can trigger a stack overflow. Notably, this does not require the client to authenticate itself first. As kgssapi.ko's RPCSEC_GSS implementation is vulnerable, remote code execution in the kernel is possible by an authenticated user that is able to send packets to the kernel's NFS server while kgssapi.ko is loaded into the kernel. In userspace, applications which have librpcgss_sec loaded and run an RPC server are vulnerable to remote code execution from any client able to send it packets. We are not aware of any such applications in the FreeBSD base system. | ||||
| CVE-2026-26738 | 1 Uderzo Software | 1 Spacesniffer | 2026-04-01 | 7.8 High |
| Buffer Overflow vulnerability in Uderzo Software SpaceSniffer v.2.0.5.18 allows a remote attacker to execute arbitrary code via a crafted .sns snapshot file. | ||||
| CVE-2026-5045 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2026-04-01 | 8.8 High |
| A vulnerability was detected in Tenda FH1201 1.2.0.14(408). This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2026-5037 | 1 Michaelrsweet | 1 Mxml | 2026-04-01 | 3.3 Low |
| A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue. | ||||
| CVE-2026-5154 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-01 | 8.8 High |
| A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-21224 | 1 Microsoft | 1 Azure Connected Machine Agent | 2026-04-01 | 7.8 High |
| Stack-based buffer overflow in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-22790 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-03-31 | 8.8 High |
| EVerest is an EV charging software stack. Prior to version 2026.02.0, `HomeplugMessage::setup_payload` trusts `len` after an `assert`; in release builds the check is removed, so oversized SLAC payloads are `memcpy`'d into a ~1497-byte stack buffer, corrupting the stack and enabling remote code execution from network-provided frames. Version 2026.02.0 contains a patch. | ||||
| CVE-2026-23995 | 2 Everest, Linuxfoundation | 2 Everest-core, Everest | 2026-03-31 | 8.4 High |
| EVerest is an EV charging software stack. Prior to version 2026.02.0, stack-based buffer overflow in CAN interface initialization: passing an interface name longer than IFNAMSIZ (16) to CAN open routines overflows `ifreq.ifr_name`, corrupting adjacent stack data and enabling potential code execution. A malicious or misconfigured interface name can trigger this before any privilege checks. Version 2026.02.0 contains a patch. | ||||
| CVE-2026-4902 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2026-03-31 | 8.8 High |
| A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4961 | 1 Tenda | 2 Ac6, Ac6 Firmware | 2026-03-31 | 8.8 High |
| A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-5024 | 2 D-link, Dlink | 3 Dir-513, Dir-513, Dir-513 Firmware | 2026-03-31 | 8.8 High |
| A vulnerability was found in D-Link DIR-513 1.10. This issue affects the function formSetEmail of the file /goform/formSetEmail. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-5043 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2026-03-31 | 8.8 High |
| A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-53521 | 1 F5 | 2 Big-ip, Big-ip Access Policy Manager | 2026-03-31 | 9.8 Critical |
| When a BIG-IP APM access policy is configured on a virtual server, specific malicious traffic can lead to Remote Code Execution (RCE). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2026-4974 | 1 Tenda | 2 Ac7, Ac7 Firmware | 2026-03-31 | 8.8 High |
| A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5021 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-30 | 8.8 High |
| A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-5036 | 1 Tenda | 2 4g06, 4g06 Firmware | 2026-03-30 | 8.8 High |
| A vulnerability was found in Tenda 4G06 04.06.01.29. This vulnerability affects the function fromDhcpListClient of the file /goform/DhcpListClient of the component Endpoint. Performing a manipulation of the argument page results in stack-based buffer overflow. The attack can be initiated remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5042 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2026-03-30 | 8.8 High |
| A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5044 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2026-03-30 | 8.8 High |
| A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5046 | 1 Tenda | 2 Fh1201, Fh1201 Firmware | 2026-03-30 | 8.8 High |
| A flaw has been found in Tenda FH1201 1.2.0.14(408). Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been published and may be used. | ||||