Lucene search
K

567 matches found

NVD
NVD
added 2026/03/16 6:16 p.m.5 views

CVE-2026-29510

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4CVSS0.00138EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 4:56 p.m.23 views

CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4CVSS0.00138EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 4:56 p.m.24 views

CVE-2026-29510

CVE-2026-29510 affects Hereta ETH-IMC408M firmware 1.0.15 and earlier. The vulnerability is a stored XSS in the Device Name field via the System Status interface, where unsanitized input can be injected and executed in users’ browsers viewing the status page. Root cause: input not properly saniti...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/16 4:56 p.m.4 views

CVE-2026-29510 Hereta ETH-IMC408M Stored XSS via Device Name

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.12 views

PT-2026-25781

Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execut...

5.1CVSS5.8AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.6 views

Hereta ETH-IMC408M 跨站脚本漏洞

The Hereta ETH-IMC408M is an Ethernet switch device produced by the Hereta company in the United States. Versions of Hereta ETH-IMC408M prior to 1.0.15 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper cleaning of the Device Name field, which could lead to...

5.4CVSS5.6AI score0.00138EPSS
Exploits0References3
CVE
CVE
added 2026/03/13 9:15 p.m.9 views

CVE-2026-32705

Summary: The CVE affects the PX4 autopilot BST telemetry driver. Before version 1.17.0-rc2, the BST device can report an oversized dev_name_len, and the driver writes a string terminator without bounds, causing a stack overflow that can crash the task or enable code execution. Root cause: device-...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/13 9:15 p.m.4 views

EUVD-2026-12148

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References1
OSV
OSV
added 2026/03/13 9:15 p.m.4 views

CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/13 9:15 p.m.33 views

CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS0.00267EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/13 9:15 p.m.2 views

CVE-2026-32705 PX4 autopilot BST Device Name Length Can Overflow Driver Buffer

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized devnamelen, causing a stack overflow in the driver and crashing the task or...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/13 12:0 a.m.8 views

PT-2026-25388

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, the BST telemetry probe writes a string terminator using a device-provided length without bounds. A malicious BST device can report an oversized dev name len, causing a stack overflow in the driver and crashing the task o...

6.8CVSS5.9AI score0.00267EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2026/03/05 12:0 a.m.6 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005751)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005751 advisory. In the Linux kernel, the following vulnerability has been resolved: MIPS: vpe-mt: fix possible memory leak while module exiting Afer commit 1fa5ae857bb1 driver core:...

5.5CVSS5.6AI score0.00149EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/02/22 7:11 p.m.11 views

CVE-2026-2872

A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...

9CVSS8.5AI score0.00568EPSS
Exploits1References1
NVD
NVD
added 2026/02/21 9:16 p.m.11 views

CVE-2026-2886

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function setdevicename of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to t...

9CVSS0.00556EPSS
Exploits1References5
OSV
OSV
added 2026/02/21 9:16 p.m.6 views

CVE-2026-2886

A weakness has been identified in Tenda A21 1.0.0.0. This affects the function setdevicename of the file /goform/SetOnlineDevName. This manipulation of the argument devName causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to t...

8.8CVSS6.3AI score0.00556EPSS
Exploits1References5
OSV
OSV
added 2026/02/21 4:16 p.m.6 views

CVE-2026-2872

A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...

8.8CVSS6.3AI score0.00568EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/21 4:2 p.m.6 views

CVE-2026-2872

A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...

9CVSS6.1AI score0.00568EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/02/21 4:2 p.m.28 views

CVE-2026-2872 Tenda A21 MAC Filtering Configuration Endpoint setBlackRule set_device_name stack-based overflow

A security vulnerability has been detected in Tenda A21 1.0.0.0. This vulnerability affects the function setdevicename of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. Such manipulation of the argument devName/mac leads to stack-based buffer overflow. The...

9CVSS0.00568EPSS
Exploits1References5
CVE
CVE
added 2026/02/21 4:2 p.m.15 views

CVE-2026-2872

CVE-2026-2872 affects the Tenda A21 (firmware 1.0.0.0) via the MAC Filtering Configuration Endpoint. Affects the /goform/setBlackRule function set_device_name; manipulating the devName/mac argument triggers a stack-based buffer overflow. The vulnerability can be exploited remotely; public exploit...

9CVSS6.1AI score0.00568EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder