567 matches found
CVE-2026-29510
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
CVE-2026-29510
CVE-2026-29510 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. The vulnerability is a stored XSS in the Device Name field via the System Status interface, where unsanitized input can be injected and executed in users’ browsers viewing the status page. Root cause: input not properly saniti...
CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
PT-2026-25781
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...
Hereta ETH-IMC408M 跨站脚本漏洞
The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the Device Name field, which could lead to...
CVE-2026-32705
Summary: The CVE affects the PX4 autopilot BST telemetry driver. Before version 1.17.0-rc2, the BST device can report an oversized dev_name_len, and the driver writes a string terminator without bounds, causing a stack overflow that can crash the task or enable code execution. Root cause: device-...
EUVD-2026-12148
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...
PT-2026-25388
PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev name len, causing a stack overflow in the driver and crashing the task o...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005751)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005751 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fix possible memory leak while module exiting Afer commit 1fa5ae857bb1 driver core:...
CVE-2026-2872
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...
CVE-2026-2886
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function setdevicename of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to t...
CVE-2026-2886
A weakness has been identified in Tenda A21 1.0.0.0. This affects the function setdevicename of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to t...
CVE-2026-2872
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...
CVE-2026-2872
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...
CVE-2026-2872 Tenda A21 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow
A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...
CVE-2026-2872
CVE-2026-2872 affects the Tenda A21 (firmware 1.0.0.0) via the MAC Filtering Configuration Endpoint. Affects the /goform/setBlackRule function set_device_name; manipulating the devName/mac argument triggers a stack-based buffer overflow. The vulnerability can be exploited remotely; public exploit...