EUVD-2025-32710

A vulnerability was identified in Tenda AC15 15.03.05.18. This impacts an unknown function of the file /goform/setNotUpgrade. Such manipulation of the argument newVersion leads to stack-based buffer overflow. The attack may be launched remotely. The exploit is publicly available and might be used...

Tenda AC20 安全漏洞

Tenda AC20 is a home router from Tenda. The Tenda AC20 suffers from a buffer overflow vulnerability, which originates from the incorrect operation of the sscanf function parameter timeZone in the file /goform/fastsettingwifiset, for which no detailed vulnerability details are available at this ti...

CVE-2025-11325

A security flaw has been discovered in Tenda AC18 15.03.05.196318. Affected by this issue is some unknown functionality of the file /goform/fastsettingpppoeset. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack is possible to be carried out...

Tenda AC18 安全漏洞

Tenda AC18 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in July 2016, mainly for villas and large home users. Tenda AC18 has a stack buffer overflow vulnerability, which originates from the parameter ddnsEn in the file /goform/SetDDNSCfg fails to correctly...

EUVD-2025-24120

Malicious code in bioql PyPI...

EUVD-2025-31452

Malicious code in bioql PyPI...

EUVD-2025-25437

Malicious code in bioql PyPI...

EUVD-2025-25401

Malicious code in bioql PyPI...

EUVD-2025-30388

Malicious code in bioql PyPI...

EUVD-2025-24818

Malicious code in bioql PyPI...

EUVD-2025-25400

Malicious code in bioql PyPI...

EUVD-2025-27578

Malicious code in bioql PyPI...

EUVD-2025-25406

Malicious code in bioql PyPI...

EUVD-2025-24103

Malicious code in bioql PyPI...

D-Link DIR-823X Command Injection Vulnerability (CNVD-2025-23372)

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability that originates from a misuse of the parameter delvalue in the file /goform/deleteofflinedevice, which can be exploited by an attacker to cause a command injection...

CVE-2025-11096 D-Link DIR-823X diag_traceroute command injection

A flaw has been found in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/diagtraceroute. Executing manipulation of the argument targetaddr can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used...

PT-2025-39762

Name of the Vulnerable Software and Affected Versions D-Link DIR-823X version 250416 Description A flaw exists in the uci set function within the /goform/set wifi blacklists file. This allows for remote command injection through manipulation. The exploit is publicly available. Recommendations At...

D-Link DIR-823X 命令注入漏洞

The D-Link DIR-823X is a wireless router from China's AUO D-Link. The D-Link DIR-823X suffers from a command injection vulnerability, which originates from the incorrect operation of the function ucidel on the parameter delvalue in the file /goform/deleteprohibiting, which can be exploited by an...

Tenda CH22 安全漏洞

Tenda CH22 is an enterprise-grade wireless router from Tenda. The Tenda CH22 suffers from a buffer overflow vulnerability that originates from improper handling of the dips parameter in the formWrlExtraGet function in the /goform/GstDhcpSetSer file. An attacker can exploit this vulnerability to...

CVE-2025-10815

A vulnerability was identified in Tenda AC20 up to 16.03.08.12. Affected by this issue is the function strcpy of the file /goform/SetPptpServerCfg of the component HTTP POST Request Handler. Such manipulation of the argument startIp leads to buffer overflow. The attack can be launched remotely. T...