CVE-2026-5550

A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...

CVE-2026-5548

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

CVE-2026-5550 Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...

CVE-2026-5550

A vulnerability was identified in Tenda AC10 16.03.10.10multiTDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected...

CVE-2026-5550

CVE-2026-5550 affects Tenda AC10 (16.03.10.10_multi_TDE01). The vulnerability targets the fromSysToolChangePwd function in /bin/httpd, causing a stack-based buffer overflow. Exploitation could be remote and affect multiple endpoints, with high impact on confidentiality, integrity, and availabilit...

CVE-2026-5548 Tenda AC10 httpd fromSysToolChangePwd stack-based overflow

A vulnerability was found in Tenda AC10 16.03.10.10multiTDE01. Affected by this vulnerability is the function fromSysToolChangePwd of the file /bin/httpd. Performing a manipulation of the argument sys.userpass results in stack-based buffer overflow. The attack can be initiated remotely...

EUVD-2026-19038

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

CVE-2026-5544 UTT HiPER 1250GW formRemoteControl stack-based overflow

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

CVE-2026-5544

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

CVE-2026-5544

CVE-2026-5544 affects UTT HiPER 1250GW, up to version 3.2.7-210907-180535. The vulnerability exists in an unknown function of the file /goform/formRemoteControl where manipulating the Profile argument causes a stack-based buffer overflow. It can be exploited remotely, and public exploits are avai...

Tenda AC10 安全漏洞

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the version 16.03.10.10multiTDE01 of the Tenda AC10; this vulnerability stems from a stack buffer overflow in the fromSysToolChangePwd function located in the /bin/httpd directory...

Tenda AC10 安全漏洞

The Tenda AC10 is a wireless router produced by the Chinese company Tenda. There is a security vulnerability in the version 16.03.10.10multiTDE01 of the Tenda AC10. This vulnerability stems from incorrect handling of the parameter sys.userpass in the fromSysToolChangePwd function located in the...

UTT HiPER 1250GW 安全漏洞

UTT HiPER 1250GW is a wireless gateway device developed by UTT Corporation. Versions of UTT HiPER 1250GW prior to 3.2.7-210907-180535 contained security vulnerabilities. These vulnerabilities were caused by incorrect handling of parameters in the file/goform/formRemoteControl, which could lead to...

PT-2026-30419

Name of the Vulnerable Software and Affected Versions Tenda AC10 version 16.03.10.10 multi TDE01 Description A stack-based buffer overflow can be triggered in the fromSysToolChangePwd function located in the /bin/httpd file. This occurs through manipulation of the sys.userpass argument, allowing...

PT-2026-30416

A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. The impacted element is an unknown function of the file /goform/formRemoteControl. The manipulation of the argument Profile results in stack-based buffer overflow. The attack can be executed remotely. The exploit h...

openSUSE 16 Security Update : kea (openSUSE-SU-2026:20452-1)

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20452-1 advisory. Update to 3.0.3: - CVE-2025-11232: invalid characters cause assert bsc1252863. - CVE-2026-3608: stack overflow via maliciously crafted message...

GHSA-8PFC-JJGW-6G26 SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

SandboxJS: Stack overflow DoS via deeply nested expressions in recursive descent parser

Summary The @nyariv/sandboxjs parser contains unbounded recursion in the restOfExp function and the lispify/lispifyExpr call chain. An attacker can crash any Node.js process that parses untrusted input by supplying deeply nested expressions e.g., 2000 nested parentheses, causing a RangeError:...

CVE-2026-5349

A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function addapcdb of the file /setup.cgi. The manipulation of the argument macpcdba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be...

CLSA-2026-1775121288 ImageMagick: Fix of 7 CVEs

CVE-2026-28494: fix stack buffer overflow in morphology kernel parsing - CVE-2026-28691: fix uninitialized pointer dereference in JBIG decoder - CVE-2026-25989: fix off-by-one boundary check in CastDoubleToLong - CVE-2026-25985: fix memory allocation without limits in SVG decoder -...