CVE-2026-3399

Affects Tenda F453 1.0.0.3. In the httpd component, the function fromGstDhcpSetSer in /goform/GstDhcpSetSer is vulnerable to a buffer overflow when the dips argument is manipulated. This can be triggered remotely and publicly available exploits exist. Multiple sources confirm impact and remote-ex...

CVE-2026-3398

A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been...

EUVD-2026-9131

A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been...

CVE-2026-3379

A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

EUVD-2026-9115

A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVE-2026-3379 Tenda F453 SetIpBind fromSetIpBind buffer overflow

A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

CVE-2026-3379

A vulnerability has been found in Tenda F453 1.0.0.3. This vulnerability affects the function fromSetIpBind of the file /goform/SetIpBind. The manipulation of the argument page leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be...

Tenda F453 安全漏洞

The Tenda F453 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.3 of the Tenda F453 contains a security vulnerability. This vulnerability stems from incorrect handling of parameters “wanmode” and “PPPOEPassword” in the httpd component’s “goform/AdvSetWan” file, which may...

SUSE CVE-2026-27457

Weblate is a web based localization tool. Prior to version 5.16.1, the REST API's AddonViewSet weblate/api/views.py, line 2831 uses queryset = Addon.objects.all without overriding getqueryset to scope results by user permissions. This allows any authenticated user or anonymous users if REQUIRELOG...

CVE-2026-3273

The affected product is Tenda F453 1.0.0.3. The vulnerability lies in the httpd component, specifically the function formWrlsafeset in /goform/AdvSetWrlsafeset, where manipulating the mit_ssid_index argument causes a buffer overflow. This can be triggered remotely and a public exploit exists. No ...

SUSE CVE-2026-25952

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.23.0, xfSetWindowMinMaxInfo dereferences a freed xfAppWindow pointer because xfrailgetwindow in xfrailserverminmaxinfo returns an unprotected pointer from the railWindows hash table, and the main thread can...

MetaCPAN Net::CIDR::Set 安全漏洞

MetaCPAN Net::CIDR::Set is a library from the MetaCPAN Foundation. Versions of MetaCPAN Net::CIDR::Set prior to 0.24 contained a security vulnerability. This vulnerability stemmed from improper handling of leading zeros in IP CIDR addresses, which could lead to bypassing IP-based access controls...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libpng12 (SUSE-SU-2026:0599-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:0599-1 advisory. - CVE-2026-25646: heap buffer overflow vulnerability in pngsetdither/pngsetquantize bsc1258020. Tenable h...

Prototype Pollution

Overview dottie is a Fast and safe nested object access and manipulation in JavaScript Affected versions of this package are vulnerable to Prototype Pollution in the set and transform functions. An attacker can inject unauthorized properties into an object's prototype chain by supplying specially...

GHSA-R5MX-6WC6-7H9W dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()

Summary dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing proto at any position other than...

dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()

Summary dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing proto at any position other than...

GHSA-WPPC-7CQ7-CGFV Weblate: Missing access control for the AddonViewSet API exposes all addon configurations

Impact Users were able to obtain add-on configuration via API. Patches https://github.com/WeblateOrg/weblate/pull/18107 https://github.com/WeblateOrg/weblate/pull/18164 References Weblate thanks @lighthousekeeper1212 for responsible disclosure...

CVE-2026-26207

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, discourse-policy plugin allows any authenticated user to interact with policies on posts they do not have permission to view. The PolicyController loads posts by ID without verifying the current...

CVE-2026-27837

A flaw was found in dottie.js, a JavaScript library for nested object access and manipulation. An incomplete fix for a previous vulnerability allows a remote attacker to bypass prototype pollution protection by placing 'proto' at any position other than the first in a dot-separated path. This...

BIT-MONGODB-2026-1847 MongoDB Server may crash when inserting large documents

Inserting certain large documents into a replica set could lead to replica set secondaries not being able to fetch the oplog from the primary. This could stall replication inside the replica set leading to server crash...