CVE-2026-24109

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability...

CVE-2026-24109

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability...

CVE-2026-24109

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by controlling the value of picName. When this value is used in sprintf without validating variable sizes, it could lead to a buffer overflow vulnerability...

CVE-2026-24109

CVE-2026-24109 affects the Tenda W20E router firmware (V4.0br_V15.11.0.6). The issue is a buffer overflow caused by unsafely using the value of the variable picName in sprintf without validating its size, which may allow remote attackers to exploit via network access. Documented impacts are high ...

production_ssm 路径遍历漏洞

productionssm is an ERP system developed by MegaGao’s individual developers, utilizing technologies such as Spring+SpringMVC+Mybatis, along with jQuery EasyUI. The version 4288d53bd35757b27f2d070057aefb2c07bdd097 and earlier versions of productionssm have a path traversal vulnerability. This...

EUVD-2022-48580

Malicious code in bioql PyPI...

EUVD-2025-26146

Malicious code in bioql PyPI...

CVE-2025-9585

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

CVE-2025-9585 Comfast CF-N1 webmgnt wifilith_delete_pic_file command injection

A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilithdeletepicfile of the file /usr/bin/webmgnt. This manipulation of the argument portaldeletepicname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly...

COMFAST CF-N1 安全漏洞

COMFAST CF-N1 is a wireless router from China Four Seas Zonglian COMFAST. A security vulnerability exists in COMFAST CF-N1 version 2.6.0, which originates from a command injection due to incorrect operation of the parameter portaldeletepicname in the file /usr/bin/webmgnt...

CVE-2022-45721

IP-COM M50 V15.11.0.3310768 was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function...

CVE-2018-13025

protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter...

CVE-2023-38864

An issue in COMFAST CF-XR11 v.2.7.2 allows an attacker to execute arbitrary code via the protaldeletepicname parameter in the sub41171C function at bin/webmgnt...

COMFAST CF-XR11 命令注入漏洞

COMFAST CF-XR11 is a wireless router from COMFAST, China. A security vulnerability exists in COMFAST CF-XR11 version 2.7.2, which originates from an arbitrary code execution via the protaldeletepicname parameter in the sub41171C function of bin/webmgnt...

CVE-2023-27065

Tenda V15V1.0 V15.11.0.14152131901058 was discovered to contain a buffer overflow vulnerability via the picName parameter in the formDelWewifiPi function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

Tenda W15E 安全漏洞

Tenda W15E is a wireless router from Tenda China. A security vulnerability exists in the Tenda W15E V1.0 V15.11.0.14 152131901058 version, which stems from a discovery via the picName parameter in the formDelWewifiPi function that contains a buffer overflow vulnerability. An attacker could exploi...

PT-2023-20927 · Tenda · Tenda V15

Name of the Vulnerable Software and Affected Versions: Tenda V15 version V15.11.0.141521 3190 1058 Description: A buffer overflow issue was found, allowing attackers to cause a Denial of Service DoS via a crafted request. The issue is related to the picName parameter in the formDelWewifiPi...

CVE-2022-45721

IP-COM M50 V15.11.0.3310768 was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function...

CVE-2022-45721

IP-COM M50 V15.11.0.3310768 was discovered to contain a buffer overflow via the picName parameter in the formDelWewifiPic function...

CVE-2022-45721

The CVE-2022-45721 entry concerns IP-COM M50 firmware version 15.11.0.33(10768), where a buffer overflow can be triggered via the picName parameter in the formDelWewifiPic function. The vulnerability is documented with a high impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8)...