
205 matches found

CNNVD
added 2026/06/11 12:0 a.m., 18 views

TP-Link Tapo C110 format string error vulnerability

The TP-Link Tapo C110 is an indoor network camera produced by TP-Link Corporation. The TP-Link Tapo C110 v2 has a vulnerability related to formatted string handling. This vulnerability stems from improper processing of user control inputs in the ONVIF service. It is possible for authenticated...

CVSS 8.1, AI score 5.3, EPSS 0.00463
Exploits 0, References 1
RedhatCVE
added 2026/06/05 7:15 p.m., 10 views

CVE-2026-24091

Memory corruption while processing fastboot commands with improperly formatted input...

CVSS 7.2, AI score 5.5, EPSS 0.00097
Exploits 0, References 1
NVD
added 2026/06/01 11:16 p.m., 14 views

CVE-2026-24091

Memory corruption while processing fastboot commands with improperly formatted input...

CVSS 7.2, EPSS 0.00097
Exploits 0, References 1
CVE
added 2026/06/01 10:5 p.m., 32 views

CVE-2026-24091

Technical details about CVE-2026-24091 are not publicly available in the provided documents. Monitor for updates and new connected documents for affected products, versions, and fixes.

CVSS 7.2, AI score 5.8, EPSS 0.00097
Exploits 0, References 1, Affected Software 1
ATTACKERKB
added 2026/06/01 10:5 p.m., 10 views

CVE-2026-24091

Memory corruption while processing fastboot commands with improperly formatted input...

CVSS 7.2, AI score 5.8, EPSS 0.00097
Exploits 0, References 2
Positive Technologies
added 2026/06/01 12:0 a.m., 14 views

PT-2026-45646

Memory corruption while processing fastboot commands with improperly formatted input...

CVSS 7.2, AI score 5.8, EPSS 0.00097
Exploits 0, References 2
CNNVD
added 2026/05/21 12:0 a.m., 9 views

Netatalk format string error vulnerability

Netatalk is an open-source software developed by Netatalk Inc. It provides AFP file server functionality for Classic Mac OS and macOS on Unix-like operating systems. Versions 3.0.3 to 4.4.2 of Netatalk contain a vulnerability related to formatted string errors. This vulnerability arises from...

CVSS 3.1, AI score 5.8, EPSS 0.00294
Exploits 0, References 1
CNNVD
added 2026/05/07 12:0 a.m., 7 views

ZTE Cloud PC client uSmartView format string error vulnerability

The ZTE Cloud PC client uSmartView is a cloud desktop remote access client software developed by ZTE Corporation. The ZTE Cloud PC client uSmartView has a vulnerability related to formatted strings. This vulnerability may lead to memory corruption and remote denial of service attacks...

CVSS 7.5, AI score 5.8, EPSS 0.00274
Exploits 0, References 1
CNNVD
added 2026/04/27 12:0 a.m., 10 views

Notepad++ format string error vulnerability

Notepad++ is an open-source plain-text editor developed by Don Ho of Taiwan, China. Notepad++ has a vulnerability related to formatted string handling, which stems from string injection issues. This vulnerability may allow attackers to obtain memory address information or cause the application to...

CVSS 6.6, AI score 6, EPSS 0.00224
Exploits 1, References 1
Debian CVE
added 2026/04/24 2:44 p.m., 4 views

CVE-2026-31630

In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffers for %pISpc output The AF_RXRPC procfs helpers format local and remote socket addresses into fixed 50-byte stack buffers with "%pISpc". That is too small for the longest current-tree IPv6-with-port...

CVSS 7.8, AI score 5.4, EPSS 0.00132
Exploits 0
RedhatCVE
added 2026/04/22 10:28 a.m., 4 views

CVE-2026-5450

A flaw was found in glibc GNU C Library. This vulnerability occurs when an application uses the scanf family of functions with a %mc format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination c...

CVSS 9.8, AI score 5.7, EPSS 0.00451
Exploits 1, References 6
Vulnrichment
added 2026/04/21 3:15 p.m., 5 views

CVE-2025-41011 HTML injection in PHP Point Of Sale

HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specificcustomer', using 'startdateformatted' and 'enddateformatted'...

CVSS 5.1, AI score 5.8, EPSS 0.00158
Exploits 0, References 1
CVE
added 2026/04/21 3:15 p.m., 18 views

CVE-2025-41011

CVE-2025-41011 — HTML injection in PHP Point of Sale v19.4 due to insufficient input validation in the /reports/generate/specific_customer endpoint (parameters: start_date_formatted, end_date_formatted). This allows rendering HTML in the victim’s browser. CVSS 4.0: Attack vector NETWORK; attack c...

CVSS 6.1, AI score 5.8, EPSS 0.00158
Exploits 0, References 1, Affected Software 1
Tenable Nessus
added 2026/04/21 12:0 a.m., 6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013222)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013222 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Array index may go out of bound Klocwork reports array 'vha->host_str' of size 16 ma...

AI score 6.4, EPSS 0.00173
Exploits 0, References 4
NVD
added 2026/04/20 7:16 a.m., 5 views

CVE-2026-6643

A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...

CVSS 9.9, EPSS 0.00468
Exploits 1, References 1
NVD
added 2026/04/09 8:16 p.m., 8 views

CVE-2026-40087

LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prompt template classes accepted f-string templates and formatted them without enforcing the same...

CVSS 5.3, EPSS 0.00262
Exploits 0, References 7
CNNVD
added 2026/03/10 12:0 a.m., 9 views

Fortinet multiple products format string error vulnerability

Fortinet FortiManager is a product of the American company Fortinet. Fortinet FortiManager is a centralized network security management platform. Fortinet FortiAnalyzer is a centralized network security reporting solution. Fortinet FortiManager Cloud is a cloud-based network management software...

CVSS 7.2, AI score 5.8, EPSS 0.00571
Exploits 0, References 2
RedhatCVE
added 2026/03/03 1:48 a.m., 38 views

CVE-2026-24108

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of nptr. When this value is passed into the getMibPrefix function and concatenated using sprintf without proper size validation, it could lead to a buffer overflow vulnerabilit...

CVSS 9.8, AI score 6.2, EPSS 0.00649
Exploits 1, References 1
CVE
added 2026/03/02 12:0 a.m., 15 views

CVE-2026-24111

CVE-2026-24111 affects the Tenda W20E router (v4.0br_V15.11.0.6). The issue arises when the value of the parameter userInfo is passed to the function addAuthUser and handled by a call to sscanf without proper size validation, which can lead to a buffer overflow. The public descriptions consisten...

CVSS 9.8, AI score 6.3, EPSS 0.00649
Exploits 1, References 2, Affected Software 1
RedhatCVE
added 2026/01/09 8:47 a.m., 5 views

CVE-2025-23709

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in kiroro Formatted post formatted-post allows Reflected XSS. This issue affects Formatted post: from n/a through = 1.01...

CVSS 7.1, AI score 7.2, EPSS 0.0036
Exploits 0, References 1