ReportizFlow
Filtered by vendor
Subscriptions
Total
14208 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4042 | 1 Tenda | 2 I12, I12 Firmware | 2026-03-13 | 8.8 High |
| A weakness has been identified in Tenda i12 1.0.0.6(2204). The affected element is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. This manipulation of the argument index causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-4043 | 1 Tenda | 2 I12, I12 Firmware | 2026-03-13 | 8.8 High |
| A security vulnerability has been detected in Tenda i12 1.0.0.6(2204). The impacted element is the function formwrlSSIDget of the file /goform/wifiSSIDget. Such manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3950 | 1 Struktur | 1 Libheif | 2026-03-13 | 3.3 Low |
| A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet. | ||||
| CVE-2026-3949 | 1 Struktur | 1 Libheif | 2026-03-13 | 3.3 Low |
| A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue. | ||||
| CVE-2026-3972 | 1 Tenda | 1 W3 | 2026-03-13 | 8.8 High |
| A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local network. The exploit has been made public and could be used. | ||||
| CVE-2026-3973 | 1 Tenda | 1 W3 | 2026-03-13 | 8.8 High |
| A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3971 | 1 Tenda | 2 I3, I3 Firmware | 2026-03-13 | 8.8 High |
| A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3970 | 1 Tenda | 2 I3, I3 Firmware | 2026-03-13 | 8.8 High |
| A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-3731 | 1 Libssh | 1 Libssh | 2026-03-12 | 5.3 Medium |
| A weakness has been identified in libssh up to 0.11.3. The impacted element is the function sftp_extensions_get_name/sftp_extensions_get_data of the file src/sftp.c of the component SFTP Extension Name Handler. Executing a manipulation of the argument idx can lead to out-of-bounds read. The attack may be performed from remote. Upgrading to version 0.11.4 and 0.12.0 is sufficient to resolve this issue. This patch is called 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60. You should upgrade the affected component. | ||||
| CVE-2026-3732 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-11 | 8.8 High |
| A security vulnerability has been detected in Tenda F453 1.0.0.3. This affects the function strcpy of the file /goform/exeCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3663 | 1 Xlnt-community | 1 Xlnt | 2026-03-11 | 3.3 Low |
| A vulnerability was found in xlnt-community xlnt up to 1.6.1. This issue affects the function xlnt::detail::compound_document_istreambuf::xsgetn of the file source/detail/cryptography/compound_document.cpp of the component XLSX File Parser. Performing a manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been made public and could be used. The patch is named 147. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2026-3664 | 1 Xlnt-community | 1 Xlnt | 2026-03-11 | 3.3 Low |
| A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to out-of-bounds read. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 147. Applying a patch is advised to resolve this issue. | ||||
| CVE-2026-3677 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-03-11 | 8.8 High |
| A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-3678 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-03-11 | 8.8 High |
| A vulnerability was determined in Tenda FH451 1.0.0.9. Affected is the function sub_3C434 of the file /goform/AdvSetWan. This manipulation of the argument wanmode/PPPOEPassword causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3679 | 1 Tenda | 4 F451, F451 Firmware, Fh451 and 1 more | 2026-03-11 | 8.8 High |
| A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3847 | 1 Mozilla | 1 Firefox | 2026-03-11 | 8.8 High |
| Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 148.0.2. | ||||
| CVE-2026-3727 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-11 | 8.8 High |
| A vulnerability was found in Tenda F453 1.0.0.3. This vulnerability affects the function sub_3C6C0 of the file /goform/QuickIndex. The manipulation of the argument mit_linktype/PPPOEPassword results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-3728 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-11 | 8.8 High |
| A vulnerability was determined in Tenda F453 1.0.0.3/1.If. This issue affects the function fromSetCfm of the file /goform/setcfm. This manipulation of the argument funcname/funcpara1 causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3726 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-11 | 8.8 High |
| A vulnerability has been found in Tenda F453 1.0.0.3. This affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3729 | 1 Tenda | 2 F453, F453 Firmware | 2026-03-11 | 8.8 High |
| A vulnerability was identified in Tenda F453 1.0.0.3/3.As. Impacted is the function fromPptpUserAdd of the file /goform/PPTPDClient. Such manipulation of the argument username/opttype leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||