39 matches found
CVE-2026-7057 Tenda F456 httpd setcfm buffer overflow
A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been published a...
REDAXO has reflected XSS backend packages API via function parameter (CSRF token required)
Summary A reflected XSS vulnerability has been identified in the REDAXO backend. The function parameter is concatenated into an API error message and rendered without HTML escaping. --- Details Root cause User input function is injected into an exception message, then rendered by rexview::error...
CVE-2025-45059
D-Link DI-8300 (firmware v16.07.26A1) is affected by a buffer overflow in the tgfile_htm function’s fn parameter, enabling a crafted input to trigger a Denial of Service. The issue is documented across CVE-2025-45059 and ENISA EUVD-2025-209311; no patch/version or remediation details are provided...
CVE-2026-26723
Cross Site Scripting vulnerability in Key Systems Inc Global Facilities Management Software v. 20230721a allows a remote attacker to execute arbitrary code via the function parameter...
CVE-2020-37142
10-Strike Network Inventory Explorer 8.54 contains a structured exception handler buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting SEH records. Attackers can craft a malicious payload targeting the 'Computer' parameter during the 'Add' function to trigg...
EUVD-2021-20477
Malware in sbrugna...
EUVD-2025-24012
Malicious code in bioql PyPI...
EUVD-2025-4498
Malicious code in bioql PyPI...
CVE-2025-57528
An issue was discovered in Tenda AC6 USAC6V1.0BRV15.03.05.16multiTD01 allowing attackers to cause a denial of service via the funcname, funcpara1, funcpara2 parameters to the formSetCfm function uri path: SetCfm...
CVE-2025-5865
A vulnerability was found in RT-Thread 5.1.0. It has been rated as critical. Affected by this issue is the function sysselect of the file rt-thread/components/lwp/lwpsyscall.c of the component Parameter Handler. The manipulation of the argument timeout leads to memory corruption. The vendor...
CVE-2025-45857
EDIMAX CV7428NS v1.20 was discovered to contain a remote code execution (RCE) vulnerability via the command parameter in the mp function...
Tenda i12 security vulnerability
The Tenda i12 is an enterprise commercial high-power wireless access point (AP). The Tenda i12 formSetCfm function has a buffer overflow vulnerability in its handling of the funcpara1 parameter, which can be exploited by a remote attacker to submit a special request that can crash the application and cause a denial of...
Updated cjson packages fix security vulnerability
cJSON was discovered to contain a segmentation violation, which can trigger through the second parameter of function cJSONSetValuestring at cJSON.c. CVE-2024-31755...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check for null values before passing a variable to a function...
CVE-2024-2763
A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The...
Stimulsoft GmbH Stimulsoft Dashboard.JS security vulnerability
Stimulsoft GmbH Stimulsoft Dashboard.JS is a powerful dashboard development tool from Stimulsoft. A security vulnerability exists in Stimulsoft GmbH Stimulsoft Dashboard.JS versions prior to v.2024.1.2. An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted...
EyouCms Cross-Site Scripting Vulnerability
Zanzan Network Technology EyouCms Eyou CMS is an open source content management system (CMS) based on ThinkPHP by China Zanzan Network Technology. A cross-site scripting vulnerability exists in EyouCms v.1.6.5, which stems from a cross-site scripting vulnerability in the func parameter that allows ...
Upgraded Q -> 2 from #776 [1701452999417]
Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...
Swapped parameters when calling createEscrow()
Lines of code Vulnerability details Impact getEscrowAddress returns the wrong WildcatSanctionsEscrow. Borrower can steal lender's escrowed funds. Proof of concept createEscrow and getEscrowAddress both take the parameters borrower, account, asset, in that order, as defined in...