Tenda TX3 setNetControllist function buffer overflow vulnerability

Tenda TX3 is a wireless router from Tenda, a Chinese company. A buffer overflow vulnerability exists in Tenda TX3 16.03.13.11multi, which originates when the parameter list of goform /setNetControllist fails to correctly validate the length of the input data, and can be exploited by an attacker t...

Tenda tx3 Buffer Overflow Vulnerability

The Tenda tx3 is a wireless router from the Chinese company Tenda. The Tenda tx3 suffers from a buffer overflow vulnerability that originates from the parameter list of goform/setpptpuserlist failing to properly validate the length size of the input data, which can be exploited by an attacker to...

The vulnerability of the System Management Mode (SMM) mode of AMD microprogramming software allows a hacker to execute arbitrary code.

The vulnerability of the System Management Mode SMM mode of AMD microprogramming processor software is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

CVE-2025-26702

CVE-2025-26702 affects ZTE GoldenDB (versions 6.1.03 through 6.1.03.04). The issue is an improper input validation vulnerability that allows input data manipulation. CVSSv3.1 vectors indicate network attack with no authentication, low attack complexity, and high impact on availability (base score...

The vulnerability of the AngularJS JavaScript framework for developing single-page applications stems from improper checking of input data’s security equivalence. This allows attackers to circumvent existing security restrictions and perform spear-phishing attacks.

The vulnerability of the AngularJS JavaScript framework for developing single-page applications is related to improper checking of unsafe equivalence of input data. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions and execute arbitrary code...

The vulnerability of the MongoDB database management system, related to improper validation of consistency in input data, allows a attacker to cause service failures.

The vulnerability of the MongoDB database management system is related to improper validation of consistency in input data during index processing with the PrepareUnique parameter. Exploiting this vulnerability allows an attacker to cause service failures remotely...

The vulnerability of UEFI microprogramming systems in Intel processors allows attackers to enhance their privileges.

The vulnerability of UEFI microprogramming systems of Intel processors is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of UEFI microprogramming systems of Intel processors allows a hacker to gain unauthorized access to protected information.

The vulnerability of Intel UEFI microprogramming systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

log4j-core: DoS in log4j 2.x with thread context message pattern and context lookup pattern (incomplete fix for CVE-2021-44228)

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.16.0. A remote attacker with control over Thread Context Map MDC input data could craft malicious input using a JNDI Lookup pattern resulting in remote code execution RCE in a limited number of environments...

The vulnerabilities of the x86/mtrr components in the Linux operating system’s kernel allow a hacker to trigger a service failure.

The vulnerability of the x86/mtrr components in the Linux operating system’s kernel is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the iio component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the iio component in the Linux operating system’s kernel is related to improper validation of input data in the afe4403readraw function. Exploiting this vulnerability can allow an attacker to cause service failures...

XML External Entity (XXE) Injection

Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection via the deserialize method, when handling untrusted XML data, which may contain external entity references. Details XXE Injection is a type of attack against an application that parses XML input. XML is...

The vulnerability of the Linux operating system’s kernel components, which allows a hacker to cause a service failure

The vulnerability of the Linux operating system’s kernel components is related to insufficient checking of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

The vulnerability of the Linux operating system’s kernel Wi-Fi component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel Wi-Fi component is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures...

Adobe Illustrators stack buffer overflow vulnerability (CNVD-2025-06309)

Adobe Illustrator is a professional vector graphic design software developed by Adobe, widely used in graphic design, illustration creation, web design and other fields. A stack buffer overflow vulnerability exists in Adobe Illustrators in versions 29.1, 28.7.3 and earlier. The vulnerability is...

The vulnerability of the Kerberos protocol for Windows operating systems allows a perpetrator to induce a service failure.

The vulnerability of the Kerberos protocol for Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

The vulnerability of the gtp_newlink() function in the drivers/net/gtp.c module of Linux kernel allows a hacker to cause a service failure.

The vulnerability of the gtpnewlink function in the drivers/net/gtp.c file of the Linux kernel is related to an improper representation of the list of network devices, resulting from insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failur...

The vulnerability of the fs/ntfs3 components in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the bpf component in the Linux operating system’s kernel is related to incorrect validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2024-7419

The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it possible for unauthenticated attackers to...

CVE-2022-2502

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must ...