Lucene search
K

41224 matches found

NVD
NVD
added 2026/03/27 5:16 p.m.5 views

CVE-2026-4960

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

9CVSS0.00773EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/27 5:5 p.m.3 views

CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...

6.5CVSS6.3AI score0.00327EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:9 p.m.5 views

CVE-2026-4961

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

9CVSS7.9AI score0.00773EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/27 4:9 p.m.21 views

CVE-2026-4961 Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

9CVSS0.00773EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/27 4:9 p.m.2 views

CVE-2026-4961 Tenda AC6 POST Request QuickIndex formQuickIndex stack-based overflow

A vulnerability was identified in Tenda AC6 15.03.05.16. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack is possible ...

9CVSS7.9AI score0.00773EPSS
Exploits1References5
CVE
CVE
added 2026/03/27 4:9 p.m.19 views

CVE-2026-4961

CVE-2026-4961 affects the Tenda AC6 firmware version 15.03.05.16. The vulnerability is in the POST Request Handler’s file /goform/QuickIndex, specifically the formQuickIndex function. Manipulating the PPPOEPassword argument triggers a stack-based buffer overflow, enabling remote exploitation. Pub...

9CVSS7.9AI score0.00773EPSS
Exploits1References5Affected Software1
Cvelist
Cvelist
added 2026/03/27 4:9 p.m.19 views

CVE-2026-4960 Tenda AC6 POST Request WizardHandle fromWizardHandle stack-based overflow

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

9CVSS0.00773EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2026/03/27 4:9 p.m.7 views

CVE-2026-4960 Tenda AC6 POST Request WizardHandle fromWizardHandle stack-based overflow

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

9CVSS8AI score0.00773EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/03/27 4:9 p.m.3 views

CVE-2026-4960

A vulnerability was determined in Tenda AC6 15.03.05.16. Affected is the function fromWizardHandle of the file /goform/WizardHandle of the component POST Request Handler. Executing a manipulation of the argument WANT/WANS can lead to stack-based buffer overflow. The attack can be executed remotel...

9CVSS8AI score0.00773EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2026/03/27 4:9 p.m.14 views

CVE-2026-4960

The CVE-2026-4960 entry concerns Tenda AC6 firmware (15.03.05.16) with a vulnerability in the POST Request Handler’s WizardHandle component. Specifically, the fromWizardHandle function processes the WANT/WANS argument in /goform/WizardHandle; manipulating this input can cause a stack-based buffer...

9CVSS8AI score0.00773EPSS
Exploits1References5Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 3:31 p.m.3 views

CVE-2026-4959

A vulnerability was found in OpenBMB XAgent 1.0.0. This impacts the function checkuser of the file XAgentServer/application/websockets/share.py of the component ShareServer WebSocket Endpoint. Performing a manipulation of the argument interactionid results in missing authentication. Remote...

7.5CVSS5.5AI score0.0043EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/03/27 3:31 p.m.28 views

CVE-2026-4958 OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...

3.1CVSS0.00383EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/03/27 3:31 p.m.1 views

CVE-2026-4958

A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.onconnect/ReplayServer.senddata of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interactionid leads to authorization...

3.1CVSS5.4AI score0.00383EPSS
Exploits1References4Affected Software1
EUVD
EUVD
added 2026/03/27 3:30 p.m.4 views

EUVD-2026-16656

A vulnerability was detected in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. The affected element is an unknown function of the file /DevicePrint.do?Action=ReadTask of the component Parameter Handler. The manipulation of the argument State results in sql injection. The attack can be launch...

7.5CVSS6.9AI score0.00318EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/27 3:30 p.m.4 views

EUVD-2026-16654

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/27 3:30 p.m.3 views

EUVD-2026-16630

A security vulnerability has been detected in mingSoft MCMS 迄 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS5.7AI score0.00192EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 3:17 p.m.6 views

CVE-2026-4957

A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handletoolcall of the file XAgent/functionhandler.py of the component API Key Handler. This manipulation of the argument apikey causes sensitive information in log files. The attack may be initiate...

5.1CVSS0.0028EPSS
Exploits1References4
NVD
NVD
added 2026/03/27 3:17 p.m.8 views

CVE-2026-4955

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/03/27 3:17 p.m.9 views

CVE-2026-4954

A security vulnerability has been detected in mingSoft MCMS up to 5.5.0. Impacted is the function list of the file net/mingsoft/cms/action/web/ContentAction.java of the component Web Content List Endpoint. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit...

6.5CVSS0.00192EPSS
Exploits0References4
NVD
NVD
added 2026/03/27 3:17 p.m.7 views

CVE-2026-4953

A weakness has been identified in mingSoft MCMS up to 5.5.0. This issue affects the function catchImage of the file net/mingsoft/cms/action/BaseAction.java of the component Editor Endpoint. Executing a manipulation of the argument catchimage can lead to server-side request forgery. It is possible...

7.5CVSS0.00278EPSS
Exploits0References4
Rows per page
Query Builder