PT-2026-48202

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36793

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mitssid and misssidindex parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36805

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48319

Name of the Vulnerable Software and Affected Versions Spring Data MongoDB versions 5.0.0 through 5.0.5 Spring Data MongoDB versions 4.5.0 through 4.5.11 Spring Data MongoDB versions 4.4.0 through 4.4.14 Spring Data MongoDB versions 4.3.0 through 4.3.16 Spring Data MongoDB versions 4.2.0 through...

PT-2026-48183

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service DoS via a HTTP request...

PT-2026-48194

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48312

Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to break out of the intended regular expression quoting. Affected versions: Spring Data MongoDB 5.0.0...

PT-2026-47770

WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract...

PT-2026-48190

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-47763

Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attackers can access the admin interface and supply crafted SQL statements in the message parameter to...

CVE-2026-36783

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48211

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

PT-2026-48177

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

CVE-2026-36792

CVE-2026-36792 affects Shenzhen Tenda Technology Co. Ltd. Tenda W3 Wireless Router v1.0.0.3(2204). A stack overflow in the wl_radio parameter of the formWifiRadioSet function can cause a Denial of Service via a crafted HTTP request. The entry notes a CVSSv3.1 base score of 7.5 (HIGH) with network...

MongoDB Server 安全漏洞

MongoDB Server is an open-source NoSQL database developed by MongoDB, a US-based company. This database offers features such as collection-oriented storage, dynamic querying, data replication, and automatic failover. There is a security vulnerability in MongoDB Server, which stems from the abilit...

Tenda W15E 安全漏洞

The Tenda W15E is a wireless router produced by the Chinese company Tenda. The version 15.11.0.10 of the Tenda W15E contains a security vulnerability. This vulnerability stems from a buffer overflow in the webAuthWhiteID parameter within the formModifyWebAuthWhiteUser function, which could allow...

CVE-2026-36784

CVE-2026-36784 affects Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180). The issue is a stack overflow in the ip parameter of the fromNetToolGet function, enabling a Denial of Service (DoS) via an HTTP request. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) yi...

Tenda W20E 安全漏洞

The Tenda W20E is a router produced by the Chinese company Tenda. The version 15.11.0.6 of the Tenda W20E contains a security vulnerability. This vulnerability stems from a buffer overflow in the macAddr parameter of the formDelStaState function, which could allow attackers to cause...

PT-2026-47634

Name of the Vulnerable Software and Affected Versions Enable Media Replace versions prior to 4.1.9 Description Insufficient input sanitization and output escaping in the Enable Media Replace plugin for WordPress allow authenticated attackers with Author-level access or higher to perform Stored...

CVE-2026-36815

The issue: Shenzhen Tenda Technology Co. W15E (firmware v15.11.0.10) contains a buffer overflow in the hostname parameter of the function formSetNetCheckTools. Root cause: unvalidated/overlong hostname input leads to memory corruption. Impact: Denial of Service via a crafted HTTP request (no auth...