16159 matches found
CVE-2026-51606
An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...
CVE-2026-51606
CVE-2026-51606 affects Tenda CP3 v3.0 with firmware v31.1.9.91. The RTSP service suffers improper input handling: when an oversized field value is sent, the device terminates the TCP connection with an RST and does not return any RFC 2326‑compliant error response. Affected items include the reque...
CVE-2026-51606
An improper input handling vulnerability in the RTSP service of Tenda CP3 V3.0 firmware V31.1.9.91 causes the device to abruptly terminate the TCP connection with a RST packet when a request containing an oversized field value is received, without returning any RFC 2326-compliant error response...
PT-2026-56933
Name of the Vulnerable Software and Affected Versions Pimcore versions prior to 2025.4.6 Pimcore versions prior to 2026.1.6 Description An unauthenticated attacker who knows a valid admin username can take over an admin account by sending a password reset request containing an attacker-controlled...
CVE-2026-36028
A protection mechanism failure in the Code 27 Companion Hub allows an attacker with physical access to completely bypass kiosk restrictions via a factory reset...
CVE-2026-9074
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-9074
IBM API Connect is affected by an unauthenticated SQL injection in the password reset flow for versions 10.0.8.0–10.0.8.9 and 12.1.0.0–12.1.0.3. The issue is a server-side SQL injection vulnerability that can be exploited without authentication, with network access required and no user interactio...
EUVD-2026-42307
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-9074 IBM API Connect SQL Injection
IBM API Connect 10.0.8.0 through 10.0.8.9 and 12.1.0.0 through 12.1.0.3 contains an unauthenticated SQL injection vulnerability in the password reset functionality...
CVE-2026-57256
When the application opens a PDF and executes JavaScript, it performs abnormal operations on the list box field, and this operation is repeated after the form is reset. During this process, the application failed to adequately verify the validity of the form objects and their internal dictionary...
CVE-2026-57244
After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...
CVE-2026-57249
After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...
CVE-2026-57249
After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...
EUVD-2026-42204
After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...
CVE-2026-57249
CVE-2026-57249 affects Foxit PDF Editor/Reader in the annotation handling path. After opening a PDF, the software resets the annotation status and triggers a reset form event; during the subsequent re-entry it accesses invalid objects, leading to a crash. CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/...
EUVD-2026-42195
After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...
CVE-2026-57244
After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...
CVE-2026-57244 Foxit PDF Editor/Reader Form Control Use-After-Free Vulnerability
After JavaScript resetting the form, the synchronization process lacks re-entry protection and object lifecycle verification, resulting in the failure of the control pointer during the traversal process. After the pointer fails, it still continues to dereference, causing the application to crash...
CVE-2026-57244
CVE-2026-57244 affects Foxit PDF Editor/Reader Form Control. The root cause is a missing re-entry protection and object lifecycle verification during form synchronization after JavaScript resets, causing a control pointer dereference after a failure and resulting in a crash. The CVSSv3.1 vector i...
CVE-2026-57250
CVE-2026-57250 affects Foxit PDF Editor/Reader when opening a PDF and JavaScript resets form fields, causing a re-entry into the interface that damages a native object. The app validates insufficiently, and the function call on the damaged object leads to a crash. The CVSS v3.1 vector is LOCAL/Ux...