CVE-2026-49941

Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit...

golang: net/url: Memory exhaustion in query parameter parsing in net/url

A flaw was found in the net/url package in the Go standard library. The package does not enforce a limit on the number of unique query parameters it parses. A Go application using the net/http.Request.ParseForm method will try to process all parameters provided in the request. A specially crafted...

CVE-2025-60695

A stack-based buffer overflow vulnerability exists in the mtkdut binary of Linksys E7350 routers Firmware 1.1.00.032. The function sub4045A8 reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and then copies it into caller-provided buffer a1 using strcpy without boundary...

PT-2025-46869

Name of the Vulnerable Software and Affected Versions Linksys E7350 Router versions 1.1.00.032 Description A stack-based buffer overflow exists in the mtk dut binary. The sub 4045A8 function reads up to 256 bytes from /sys/class/net/%s/address into a local buffer and copies it into a...

Tenda F3 macFilterList Parameter Buffer Overflow Vulnerability

Tenda F3 is a 300M wireless router launched on May 15, 2015 by Shenzhen Jixiang Tenda Technology Co. Tenda F3 suffers from a buffer overflow vulnerability, which stems from the goform/setNAT file macFilterList parameter failing to properly validate the length size of the input data, which can be...