CVE-2026-2180

The CVE-2026-2180 entry affects Tenda RX3 (version 16.03.13.11). A stack-based buffer overflow is triggered in the file path /goform/fast_setting_wifi_set (also reported as /goform/fast setting wifi set) by manipulating the ssid_5g/ssid 5g argument. This vulnerability can be exploited remotely, w...

CVE-2025-71112

The CVE-2025-71112 entry concerns the Linux kernel net/hns3 VLAN handling. A VLAN ID may be used without validation when receiving a VLAN configuration mailbox from a VF, because vlan_del_fail_bmap length (BITS_TO_LONGS(VLAN_N_VID)) can permit out-of-bounds access if the VLAN ID is >= VLAN_N_V...

PT-2025-50653

Name of the Vulnerable Software and Affected Versions Ruijie X30-PRO version X30-PRO-V1 09241521 Description An OS Command Injection issue exists in Ruijie X30-PRO version X30-PRO-V1 09241521. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module set...

Tenda AC6 安全漏洞

Tenda AC6 is a dual-band wireless router from Tenda that supports 2.4GHz and 5GHz bands with a maximum transmission rate of 1167Mbps. The Tenda AC6 suffers from a command injection vulnerability that stems from the formSetIptv function not validating or cleaning up special characters when handlin...

ERC20Permit should include chainId and address to avoid replay attacks

Lines of code Vulnerability details Impact This ensures a signature is only used for our given token contract address on the correct chain id. The chain id was introduced to exactly identify a network after the Ethereum Classic fork which continued to use a network id of 1. Include the chainId to...

openstack-manila: User with share-network UUID is able to show, create and delete shares

An access flaw was found in openstack-manila, where the API did not validate the user/project on commands. A malicious user having the UUID of a share-network could view, update, delete, or share resources that did not belong to them. Attackers could also create resources on shared networks for...