CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2026/03/27 12:53 a.m.•14 views

CVE-2026-4906

CVE-2026-4906 affects Tenda AC5 firmware 15.03.06.47. The vulnerability resides in the decodePwd function of the /goform/WizardHandle POST Request Handler. By manipulating the WANT/WANS argument, an attacker can trigger a stack-based buffer overflow, with remote execution potential. Public disclo...

9CVSS8.1AI score0.02604EPSS

EUVD•added 2026/03/27 12:31 a.m.•3 views

EUVD-2026-16470

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

9CVSS8.1AI score0.00632EPSS

Exploits1References6

EUVD•added 2026/03/27 12:31 a.m.•2 views

EUVD-2026-16476

A vulnerability was found in Tenda AC5 15.03.06.47. Impacted is the function formWifiWpsOOB of the file /goform/WifiWpsOOB of the component POST Request Handler. Performing a manipulation of the argument index results in stack-based buffer overflow. Remote exploitation of the attack is possible...

9CVSS7.8AI score0.00632EPSS

Exploits1References6

Positive Technologies•added 2026/03/27 12:0 a.m.•8 views

PT-2026-28686

Name of the Vulnerable Software and Affected Versions Tenda AC6 version 15.03.05.16 Description A stack-based buffer overflow exists in the fromWizardHandle function of the /goform/WizardHandle file within the POST Request Handler component. Manipulation of the WANT/WANS argument can trigger this...

9CVSS6.2AI score0.00773EPSS

Exploits1References7

Positive Technologies•added 2026/03/27 12:0 a.m.•3 views

PT-2026-28700

Name of the Vulnerable Software and Affected Versions Tenda AC15 version 15.03.05.19 Description A flaw exists in the Tenda AC15 router that allows remote attackers to trigger a stack-based buffer overflow. The issue is located within the POST Request Handler component, specifically in the...

9CVSS6.4AI score0.00632EPSS

Exploits1References8

NVD•added 2026/03/26 11:16 p.m.•5 views

CVE-2026-4902

9CVSS0.00632EPSS

ATTACKERKB•added 2026/03/26 11:11 p.m.•3 views

CVE-2026-4905

9CVSS7.8AI score0.00632EPSS

Vulnrichment•added 2026/03/26 11:11 p.m.•2 views

CVE-2026-4904 Tenda AC5 POST Request setcfm formSetCfm stack-based overflow

A vulnerability has been found in Tenda AC5 15.03.06.47. This issue affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. Such manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit...

9CVSS7.9AI score0.00746EPSS

Cvelist•added 2026/03/26 10:30 p.m.•23 views

CVE-2026-4903 Tenda AC5 POST Request QuickIndex formQuickIndex memory corruption

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. Th...

9CVSS0.05461EPSS

CVE•added 2026/03/26 10:30 p.m.•8 views

CVE-2026-4903

CVE-2026-4903 affects the Tenda AC5 (firmware 15.03.06.47). The vulnerability is in the POST /goform/QuickIndex handler function formQuickIndex, where manipulating the PPPOEPassword argument triggers a stack-based buffer overflow. The attack can be mounted remotely, with the exploit published and...

9CVSS8.1AI score0.05461EPSS

Cvelist•added 2026/03/26 10:30 p.m.•20 views

CVE-2026-4902 Tenda AC5 POST Request addressNat fromAddressNat memory corruption

9CVSS0.00632EPSS

RedhatCVE•added 2026/03/26 3:15 p.m.•4 views

CVE-2026-4543

A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is an unknown function of the file /cgi-bin/firewall.cgi of the component POST Request Handler. Performing a manipulation of the argument dmzflag/delflag results in command injection. It is possible to initiate the attac...

6.5CVSS6.3AI score0.03379EPSS

Exploits1References1

RedhatCVE•added 2026/03/26 3:6 p.m.•3 views

CVE-2026-22216

wpDiscuz before 7.6.47 contains a missing rate limiting vulnerability that allows unauthenticated attackers to subscribe arbitrary email addresses to post notifications by sending POST requests to the wpdAddSubscription handler in class.WpdiscuzHelperAjax.php. Attackers can exploit LIKE wildcard...

6.9CVSS6AI score0.0032EPSS

RedhatCVE•added 2026/03/26 2:58 p.m.•2 views

CVE-2026-4164

A flaw has been found in Wavlink WL-WN578W2 221110. Impacted is the function DeleteMaclist/SetName/GuestWifi of the file /cgi-bin/wireless.cgi of the component POST Request Handler. Executing a manipulation can lead to command injection. It is possible to launch the attack remotely. The exploit h...

10CVSS6.9AI score0.02057EPSS

RedhatCVE•added 2026/03/26 2:58 p.m.•3 views

CVE-2026-4172

A vulnerability was detected in TRENDnet TEW-632BRP 1.010B32. This affects an unknown part of the file /pingresponse.cgi of the component HTTP POST Request Handler. The manipulation of the argument pingipaddr results in stack-based buffer overflow. The attack may be performed from remote. The...

8.6CVSS7.7AI score0.00612EPSS

RedhatCVE•added 2026/03/26 2:58 p.m.•5 views

CVE-2026-22317

A command injection vulnerability in the device’s Root CA certificate transfer workflow allows a high-privileged attacker to send crafted HTTP POST requests that result in arbitrary command execution on the underlying Linux OS with root privileges...

7.2CVSS6.2AI score0.00999EPSS

RedhatCVE•added 2026/03/26 2:56 p.m.•3 views

CVE-2019-25468

NetGain EM Plus 10.1.68 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system commands by submitting malicious parameters to the scripttest.jsp endpoint. Attackers can send POST requests with shell commands embedded in the 'content'...

9.8CVSS6.8AI score0.00756EPSS