3866 matches found
CVE-2026-3168
CVE-2026-3168 affects Tenda F453 version 1.0.0.3. The flaw is in the httpd component’s fromNatStaticSetting function (file /goform/NatStaticSetting). Manipulating the argument page can cause a buffer overflow. The issue may be exploitable remotely and public exploits exist. CVSS-derived metrics i...
CVE-2026-27615
ADB Explorer is a fluent UI for ADB on Windows. In versions prior to Beta 0.9.26022, ADB-Explorer allows the ManualAdbPath settings variable, which determines the path of the ADB binary to be executed, to be set to a Universal Naming Convention UNC path in the application's settings file. This...
PT-2026-21883
Name of the Vulnerable Software and Affected Versions Tenda F453 version 1.0.0.3 Description A flaw exists in the Tenda F453 router’s httpd component. Specifically, the fromNatStaticSetting function, accessible via the /goform/NatStaticSetting API endpoint, is susceptible to a buffer overflow. Th...
Tenda F453 安全漏洞
The Tenda F453 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.3 of the Tenda F453 contains a security vulnerability. This vulnerability stems from the improper handling of the page parameter in the fromNatStaticSetting function within the httpd component or the...
Malicious code in modify-setting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48505e42b99b10152a5e8587fc88350de886a6ff02ca5b70ada3d90c9a7e980f The package modify-setting was found to contain malicious code. Source: ghsa-malware 3420a3d9050f94ba247ff8853e7a7f98ee33ca16a7beda959c53463992b65c24...
Malicious Package
Overview modify-setting is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
MAL-2026-1010 Malicious code in modify-setting (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 48505e42b99b10152a5e8587fc88350de886a6ff02ca5b70ada3d90c9a7e980f The package modify-setting was found to contain malicious code. Source: ghsa-malware 3420a3d9050f94ba247ff8853e7a7f98ee33ca16a7beda959c53463992b65c24...
CVE-2025-70043
An issue pertaining to CWE-295: Improper Certificate Validation was discovered in Ayms node-To master. The application disables TLS/SSL certificate validation by setting 'rejectUnauthorized': false in TLS socket options...
Zyxel VMG3625-T50B和Zyxel WX3100-T0 代码问题漏洞
Both Zyxel VMG3625-T50B and Zyxel WX3100-T0 are products of the Chinese company Zyxel. Zyxel VMG3625-T50B is a Wi-Fi device. Zyxel WX3100-T0 is a wireless bridge. There are code vulnerabilities in versions of Zyxel VMG3625-T50B 5.50ABPM.9.6C0 and earlier, as well as Zyxel WX3100-T0 5.50ABVL.4.8C0...
CVE-2026-2874
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-2884 D-Link DWR-M960 WAN Interface Setting formWanConfigSetup sub_41914C stack-based overflow
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible...
CVE-2026-2884
A vulnerability was identified in D-Link DWR-M960 1.01.07. The affected element is the function sub41914C of the file /boafrm/formWanConfigSetup of the component WAN Interface Setting Handler. The manipulation of the argument submit-url leads to stack-based buffer overflow. The attack is possible...
CVE-2026-2874
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-2874
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-2874 Tenda A21 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-2874
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-2874 Tenda A21 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow
A flaw has been found in Tenda A21 1.0.0.0. Impacted is the function formfastsettingwifiset of the file /goform/fastsettingwifiset. Executing a manipulation of the argument ssid can lead to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published a...
CVE-2026-27469
Isso is a lightweight Python/JavaScript commenting server affected by a stored XSS in commits prior to 0afbfe0691ee237963e8fb0b2ee01c9e55ca2144. The vulnerability affects the website field and author comments because quotes were not properly escaped; the frontend inserts the website value into a ...
CVE-2026-26046 Moodle: moodle: improper input sanitization in tex filter administration setting
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator coul...
CVE-2026-26046 Moodle: moodle: improper input sanitization in tex filter administration setting
A vulnerability was found in a Moodle TeX filter administrative setting where insufficient sanitization of configuration input could allow command injection. On sites where the TeX filter is enabled and ImageMagick is installed, a maliciously crafted setting value entered by an administrator coul...