Tenda CH22 安全漏洞

The Tenda CH22 is a network device produced by the Chinese company Tenda. Version 1.0.0.1 of the Tenda CH22 contains a security vulnerability. This vulnerability arises from incorrect handling of parameters related to the webSiteId in the component Parameter Handler, resulting in a stack buffer...

PT-2026-29321

A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Payment id/Amount/customer id/payment type/customer name leads to sql injection. Remote...

PT-2026-29267

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

CVE-2026-5156 Tenda CH22 Parameter QuickIndex formQuickIndex stack-based overflow

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

CVE-2026-5156

A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mitlinktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. Th...

CVE-2026-5156

The CVE-2026-5156 issue affects Tenda CH22 1.0.0.1, specifically the Parameter Handler’s formQuickIndex function in /goform/QuickIndex. The vulnerability stems from manipulating the mit_linktype argument, causing a stack-based buffer overflow. It is remotely exploitable and has publicly disclosed...

CVE-2026-5154

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-5155

A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been mad...

CVE-2026-5155

CVE-2026-5155 : A stack-based overflow exists in Tenda CH22 1.0.0.1 in the function fromAdvSetWan (/goform/AdvSetWan) when the wanmode argument is manipulated. This allows a remote attacker to trigger an overflow and potentially compromise the device. Public exploit details are noted; CVSS-derive...

CVE-2026-5154 Tenda CH22 Parameter setcfm fromSetCfm stack-based overflow

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-5154

A vulnerability has been found in Tenda CH22 1.0.0.1/1.If. The impacted element is the function fromSetCfm of the file /goform/setcfm of the component Parameter Handler. The manipulation of the argument funcname leads to stack-based buffer overflow. Remote exploitation of the attack is possible...

CVE-2026-5154

CVE-2026-5154 affects Tenda CH22 1.0.0.1. The vulnerability is in the Parameter Handler’s implementation of the function fromSetCfm in /goform/setcfm. Manipulating the funcname argument causes a stack-based buffer overflow, enabling remote exploitation. Public disclosure of the exploit indicates ...

CVE-2026-5150

A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewincostumer.php of the component Parameter Handler. Such manipulation of the argument cosid leads to sql injection. The attack can be launched remotely. Th...

Missing Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Missing Authorization through insufficient scope enforcement in the /allowlist command handler. An attacker can make unauthorized persistent changes to configuration and pairing-store...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment in the CapFQDN.DecodeFromBytes function of the BGP OPEN Message Handler. An attacker can bypass intended access controls by manipulating the domainNameLen argument remotely, potentially resulting in...

CVE-2026-34005

In Sofia on Xiongmai DVR/NVR AHB7008T-MH-V2 and NBD7024H-P 4.03.R11 devices, root OS command injection can occur via shell metacharacters in the HostName value via an authenticated DVRIP protocol TCP port 34567 request to the NetWork.NetCommon configuration handler, because system is used...

CVE-2026-5044

A security vulnerability has been detected in Belkin F9K1122 1.00.33. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. The attack can be...

CVE-2026-5043

A weakness has been identified in Belkin F9K1122 1.00.33. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. Remote exploitation of the attack is...

CVE-2026-5034

A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /editcostumer.php of the component Parameter Handler. This manipulation of the argument cosid causes sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-5042

A security flaw has been discovered in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. The attack may be...