CVE-2026-9399

A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the atta...

PT-2026-42970

A vulnerability was detected in Edimax BR-6675nD 1.12. This vulnerability affects the function formsetPPPoE of the file /goform/formsetPPPoE of the component POST Request Handler. Performing a manipulation of the argument pppUserName results in buffer overflow. It is possible to initiate the atta...

CVE-2026-38835

Tenda W30E V2.0 V16.01.0.21 was found to contain a command injection vulnerability in the formSetUSBPartitionUmount function via the usbPartitionName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

Missing Authorization

Overview Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Affected versions of this package are vulnerable to Missing Authorization in the InlineModelAdmin.getformset function. An attacker can gain unauthorized access to add inline model...

CVE-2025-70238

CVE-2025-70238 affects D-Link DIR-513 v1.10. The issue is a stack buffer overflow triggered by the curTime parameter in the /goform/formSetWAN_Wizard52 endpoint. Root cause: improper handling of input in that endpoint leads to a stack-based overflow. Impact per sources is a high-severity vulnerab...

CVE-2025-70232

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter...

CVE-2025-70232

Stack buffer overflow vulnerability in D-Link DIR-513 v1.10 via the curTime parameter to goform/formSetMACFilter...

CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

Tenda AC15 安全漏洞

The Tenda AC15 is a wireless router produced by the Chinese company Tenda. The Tenda AC15V1.0 V15.03.05.18multi version has a security vulnerability. This vulnerability stems from the lack of checking for the v1 parameter in the goform/formsetUsbUnload function, which may lead to command injectio...

CVE-2026-24105

An issue was discovered in goform/formsetUsbUnload in Tenda AC15V1.0 V15.03.05.18multi. The value of v1 was not checked, potentially leading to a command injection vulnerability if injected into doSystemCmd...

CVE-2026-24105

The CVE-2026-24105 issue affects Tenda AC15V1.0 (V15.03.05.18_multi) in the goform/formsetUsbUnload component. The vulnerability arises because the v1 value is not checked, potentially allowing command injection when used in doSystemCmd. Reported impacts indicate potential arbitrary command execu...

CVE-2025-44872

Tenda AC9 V15.03.06.42multi was found to contain a command injection vulnerability in the formsetUsbUnload function via the deviceName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

Exploit for Classic Buffer Overflow in Tenda Ac6_Firmware

CVE-2023-38823 Buffer Overflow in formSetCfm Affected mod...

GHSA-G8XG-JGJ6-49R3 Django is vulnerable to Denial of Service attack in formset

The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and 1.5 before release candidate 2 allows remote attackers to bypass intended resource limits for formsets and cause a denial of service memory consumption or trigger server errors via a modified maxnum parameter...

Null Pointer Reference Vulnerability in WPS Office 2016 Forms excelrw Module

WPS Office is an office software suite developed independently by Kingsoft Corporation. A null pointer reference vulnerability exists in the excelrw module of WPS Formset.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service...

Memory corruption vulnerability in WPS Office 2016 forms excelrw module (CNVD-2018-04738)

WPS office is an office software suite independently developed by Kingsoft Corporation. A memory corruption vulnerability exists in the excelrw module of WPS Formset.exe in WPS when parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of service or possibly...

Denial of Service Vulnerability in WPS Office 2016 Forms

WPS office is an office software suite independently developed by Kingsoft Corporation. A denial of service vulnerability exists in WPS Formset.exe in WPS when parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of service...

Null Pointer Reference Vulnerability in WPS Office 2016 Forms

WPS office is an office software suite independently developed by Kingsoft Corporation. A null pointer reference vulnerability exists in WPS Formset.exe in WPS when parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of service or possibly execute code...

Memory Corruption Vulnerability in WPS Office 2016 Forms excelrw Module

WPS office is an office software suite independently developed by Kingsoft Corporation. A memory corruption vulnerability exists in the excelrw module of WPS Formset.exe in WPS when parsing a specific xls file. An attacker can exploit the vulnerability to cause a denial of service...

Null Pointer Reference Vulnerability in WPS Forms xlsxrw Module

WPS office is an office software suite independently developed by Kingsoft Corporation. A null pointer reference vulnerability exists in the xlsxrw module of WPS Formset.exe in WPS when parsing a specific xls file, which can be exploited by an attacker to cause a denial of service...