EUVD-2026-22065

A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been public...

CVE-2026-5204

A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploi...

CVE-2026-5204

The CVE-2026-5204 entry concerns the Tenda CH22 1.0.0.1 device. Affected is the function formWebTypeLibrary within /goform/webtypelibrary of the Parameter Handler. The input argument webSiteId can be manipulated to trigger a stack-based buffer overflow, exposing the device to remote exploitation....

CVE-2026-3808

A vulnerability was detected in Tenda FH1202 1.2.0.14408. The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is no...

CVE-2026-3808 Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow

A vulnerability was detected in Tenda FH1202 1.2.0.14408. The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is no...

CVE-2026-3167

A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The...

CVE-2025-14572

The CVE-2025-14572 entry covers a memory-corruption vulnerability in UTT Progressive 512W devices (UTT 进取 512W) up to version 1.7.7-171114. The flaw resides in the /goform/formWebAuthGlobalConfig handler, where manipulating the hidcontact parameter can trigger memory corruption, enabling remote e...

Arbitrary File Upload

Overview com.liferay:com.liferay.dynamic.data.mapping.form.web is a Liferay Dynamic Data Mapping Form Web. Affected versions of this package are vulnerable to Arbitrary File Upload via the form attachment field without adequate validation. An attacker can upload files with obfuscated extensions a...

Files or Directories Accessible to External Parties

Overview com.liferay:com.liferay.dynamic.data.mapping.form.web is a Liferay Dynamic Data Mapping Form Web. Affected versions of this package are vulnerable to Files or Directories Accessible to External Parties via the DDMFormUploadFileEntryHandler. An attacker can access files uploaded through...

Uninitialized Memory Exposure

Overview com.liferay:com.liferay.dynamic.data.mapping.form.web is a Liferay Dynamic Data Mapping Form Web. Affected versions of this package are vulnerable to Uninitialized Memory Exposure due to insufficient permission checks in the doServeResource function in...

Contact Form With Captcha <= 1.6.2 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts...

PT-2020-2265 · Microsoft · Sharepoint Foundation +1

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to an unlimit...