CVE-2026-33491

Zen C is a systems programming language that compiles to human-readable GNU C/C11. Prior to version 0.4.4, a stack-based buffer overflow vulnerability in the Zen C compiler allows attackers to cause a compiler crash or potentially execute arbitrary code by providing a specially crafted Zen C sour...

CVE-2026-4902

A vulnerability was detected in Tenda AC5 15.03.06.47. This affects the function fromAddressNat of the file /goform/addressNat of the component POST Request Handler. The manipulation of the argument page results in stack-based buffer overflow. The attack can be launched remotely. The exploit is n...

CVE-2026-4903

A flaw has been found in Tenda AC5 15.03.06.47. This vulnerability affects the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. This manipulation of the argument PPPOEPassword causes stack-based buffer overflow. The attack may be initiated remotely. Th...

EUVD-2026-16811

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

CVE-2026-4975

A vulnerability has been found in Tenda AC15 15.03.05.19. This affects the function formSetCfm of the file /goform/setcfm of the component POST Request Handler. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has...

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVE-2026-4975

The CVE-2026-4975 entry affects the Tenda AC15 device (firmware 15.03.05.19). It targets the POST handler at /goform/setcfm, specifically the formSetCfm function, where manipulating the funcpara1 argument causes a stack-based buffer overflow. Impact is defined as high for confidentiality, integri...

CVE-2026-4974

A flaw has been found in Tenda AC7 15.03.06.44. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg of the component POST Request Handler. Executing a manipulation of the argument Time can lead to stack-based buffer overflow. It is possible to launch the attack...

CVE-2026-4974

CVE-2026-4974 affects Tenda AC7 firmware version 15.03.06.44. The vulnerability is in the function fromSetSysTime of /goform/SetSysTimeCfg in the POST Request Handler, where manipulating the Time argument can cause a stack-based buffer overflow. This enables remote code execution over the network...

EUVD-2026-16724

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to Node.js module Multer (CVE-2026-2359, CVE-2026-3304 & CVE-2026-3520)

Summary The IBM App Connect Enterprise Connector Discovery and OpenAPI Editor is vulnerable to multiple vulnerabilities due to Node.js module Multer. Vulnerability Details CVEID:CVE-2026-2359 DESCRIPTION: Multer is a node.js middleware for handling multipart/form-data. A vulnerability in Multer...

CVE-2026-4961

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

CVE-2026-4960

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

CVE-2026-22593

EVerest is an EV charging software stack. Prior to version 2026.02.0, an off-by-one check in IsoMux certificate filename handling causes a stack-based buffer overflow when a filename length equals MAXFILENAMELENGTH 100. A crafted filename in the certificate directory can overflow filenamesidx,...

CVE-2026-4961 Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

CVE-2026-4961 Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

CVE-2026-4960 Tenda AC6 POST Request WizardHandle fromWizardHandle stack-based overflow

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

CVE-2026-4960 Tenda AC6 POST Request WizardHandle fromWizardHandle stack-based overflow

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

CVE-2026-4960

The CVE-2026-4960 entry concerns Tenda AC6 firmware (15.03.05.16) with a vulnerability in the POST Request Handler’s WizardHandle component. Specifically, the fromWizardHandle function processes the WANT/WANS argument in /goform/WizardHandle; manipulating this input can cause a stack-based buffer...

CVE-2026-4960

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...