ReportizFlow
Filtered by vendor
Subscriptions
Total
14477 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43458 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-23 | 4.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2026-4172 | 1 Trendnet | 2 Tew-632brp, Tew-632brp Firmware | 2026-04-23 | 7.2 High |
| A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /ping_response.cgi of the component HTTP POST Request Handler. The manipulation of the argument ping_ipaddr results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4188 | 1 D-link | 1 Dir-619l | 2026-04-23 | 8.8 High |
| A security flaw has been discovered in D-Link DIR-619L 2.06B01. The affected element is the function formSchedule of the file /goform/formSchedule of the component boa. Performing a manipulation of the argument curTime results in stack-based buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-4488 | 1 Utt | 1 Hiper 1250gw | 2026-04-23 | 8.8 High |
| A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected is the function strcpy of the file /goform/setSysAdm. Such manipulation of the argument GroupName leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-4489 | 1 Tenda | 1 A18 Pro | 2026-04-23 | 8.8 High |
| A vulnerability was detected in Tenda A18 Pro 02.03.02.28. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4490 | 1 Tenda | 1 A18 Pro | 2026-04-23 | 8.8 High |
| A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-4492 | 1 Tenda | 1 A18 Pro | 2026-04-23 | 8.8 High |
| A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-4493 | 1 Tenda | 1 A18 Pro | 2026-04-23 | 8.8 High |
| A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based buffer overflow. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4487 | 1 Utt | 1 Hiper 1200gw | 2026-04-23 | 8.8 High |
| A vulnerability was determined in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file /goform/websHostFilter. This manipulation causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4185 | 1 Gpac | 1 Gpac | 2026-04-23 | 6.3 Medium |
| A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The patch is identified as 8961c74f87ae3fe2d3352e622f7730ca96d50cf1. A patch should be applied to remediate this issue. | ||||
| CVE-2026-4491 | 1 Tenda | 1 A18 Pro | 2026-04-23 | 8.8 High |
| A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4318 | 1 Utt | 1 Hiper 810g | 2026-04-23 | 8.8 High |
| A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-43504 | 1 Apple | 1 Xcode | 2026-04-23 | 4.9 Medium |
| A buffer overflow was addressed with improved bounds checking. This issue is fixed in Xcode 26.1. A user in a privileged network position may be able to cause a denial-of-service. | ||||
| CVE-2025-43441 | 2 Apple, Redhat | 14 Ios, Ipad Os, Ipados and 11 more | 2026-04-23 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43431 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-23 | 8.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2026-3994 | 1 Rui314 | 1 Mold | 2026-04-23 | 5.3 Medium |
| A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFilemold::X86_64::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-4167 | 1 Belkin | 2 F9k1122, F9k1122 Firmware | 2026-04-23 | 8.8 High |
| A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4016 | 1 Gpac | 1 Gpac | 2026-04-23 | 5.3 Medium |
| A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 7618d7206cdeb3c28961dc97ab0ecabaff0c8af2. It is suggested to install a patch to address this issue. | ||||
| CVE-2026-3950 | 1 Struktur | 1 Libheif | 2026-04-23 | 3.3 Low |
| A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet. | ||||
| CVE-2026-4009 | 1 Jarikomppa | 1 Soloud | 2026-04-23 | 3.3 Low |
| A vulnerability has been found in jarikomppa soloud up to 20200207. Impacted is the function drwav_read_pcm_frames_s16__msadpcm in the library src/audiosource/wav/dr_wav.h of the component WAV File Parser. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. Upgrading to version 20200207 is recommended to address this issue. It is recommended to upgrade the affected component. The project was informed of the problem early through an issue report but has not responded yet. | ||||