28 matches found
JLSEC-2026-317
HDF5 Library through 1.14.3 contains an out-of-bounds read operation in H5FLarrmalloc in H5FL.c called from H5Ssetextentsimple in H5S.c...
CVE-2026-2180
A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fastsettingwifiset. Such manipulation of the argument ssid5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used...
PT-2025-44950
The Import Export For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update setting function in all versions up to, and including, 1.6.2. This makes it possible for authenticated attackers, with Subscriber-level access...
CVE-2025-63458
Affected software: Tenda AX-1803 v1.0.0.1. Vulnerability: stack overflow via the timeZone parameter in the form_fast_setting_wifi_set function. Impact: Denial of Service (DoS) from a crafted request. Root cause: input length validation issue causing stack overflow. Exploitation: not detailed in t...
EUVD-2022-50837
Malicious code in bioql PyPI...
EUVD-2022-52355
Malicious code in bioql PyPI...
CVE-2022-48124
TOTOlink A7100RU V7.4cu.2313B20191024 was discovered to contain a command injection vulnerability via the FileName parameter in the setting/setOpenVpnCertGenerationCfg function...
CVE-2022-30473
Tenda AC Series Router AC18V15.03.05.196318 has a stack-based buffer overflow vulnerability in function formfastsettingwifiset...
CVE-2022-44171
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formfastsettingwifiset...
CVE-2017-18372
The Billion 5200W-T TCLinux Fw $7.3.8.0 v008 130603 router distributed by TrueOnline has a command injection vulnerability in the Time Setting function, which is only accessible by an authenticated user. The vulnerability is in the toolstime.asp page and can be exploited through the...
Tenda AC7 security vulnerability
Tenda AC7 is a wireless router from Tenda, a Chinese company. The Tenda AC7 suffers from a buffer overflow vulnerability that originates from the timeZone parameter of the formfastsettingwifiset function failing to properly validate the length of the input data, which can be exploited by an...
CVE-2024-13315
The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...
PT-2024-31184 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1. Description: The issue is a stack overflow that occurs via the serverName parameter in the form fast setting internet set function. Recommendations: For Tenda AX1806 version 1.0.0.1, as a temporary workaround,...
CVE-2024-24506
Cross-Site Scripting (XSS) vulnerability in LimeSurvey Community Edition version 5.3.32+220817 allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function...
CVE-2024-24506
LimeSurvey Community Edition 5.3.32+220817 contains a Cross-Site Scripting (XSS) vulnerability in the General Setting function via the Administrator email address parameter. Exploitation can allow remote execution of scripts in a victim’s browser, potentially enabling session/cookie theft or cred...
CVE-2024-28551
Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the ssid parameter of formfastsettingwifiset function...
CVE-2023-49044
Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function formfastsettingwifiset...
CVE-2023-27926
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script...
Cross site scripting
Cross-site scripting vulnerability in Profile setting function of VK All in One Expansion Unit 9.88.1.0 and earlier allows a remote authenticated attacker to inject an arbitrary script...