PT-2026-50969

Name of the Vulnerable Software and Affected Versions Tenda AC7 version 15.03.06.44 Description A stack buffer overflow exists in the '/goform/AdvSetMacMtuWan' endpoint. This issue occurs when processing the wanSpeed parameter, which can lead to remote arbitrary code execution. Recommendations At...

CVE-2026-2202 Tenda AC8 httpd WifiGuestSet fromSetWifiGusetBasic buffer overflow

A vulnerability was detected in Tenda AC8 16.03.33.05. Affected is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet of the component httpd. The manipulation of the argument shareSpeed results in buffer overflow. The attack may be launched remotely. The exploit is now public and...

CVE-2025-71019

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the wanSpeed parameter of the sub65B5C function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

CVE-2019-25280

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...

CVE-2019-25280

Yahei-PHP Prober 0.4.7 contains a remote HTML injection (XSS) in the speed parameter of prober.php. The vulnerability arises from unvalidated input in the speed GET parameter, allowing an attacker to inject arbitrary HTML that can execute in a user’s browser. Affected software: Yahei-PHP Prober, ...

CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...

CVE-2019-25280 Yahei-PHP Prober 0.4.7 Remote HTML Injection via Speed Parameter

Yahei-PHP Prober 0.4.7 contains a remote HTML injection vulnerability that allows attackers to execute arbitrary HTML code through the 'speed' GET parameter. Attackers can inject malicious HTML code in the 'speed' parameter of prober.php to trigger cross-site scripting in user browser sessions...

PT-2026-1678

Name of the Vulnerable Software and Affected Versions Yahei-PHP Prober version 0.4.7 Description The software contains a remote HTML injection issue that enables attackers to execute arbitrary HTML code. This is achieved by injecting malicious HTML code into the speed GET parameter of the...

CVE-2025-34310 IPFire < v2.29 Stored XSS via Quality of Service (QoS) Settings

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting XSS vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the INCSPD, OUTSPD, DEFCLASSINC, and DEFCLASSOUT parameters when updating Quality of Service QoS settings. When a...

CVE-2025-60662

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function...

CVE-2025-60662

Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the wanSpeed parameter in the fromAdvSetMacMtuWan function...

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm/smu11: Prevent division by zero The user can set any speed value. If the speed is greater than UINTMAX/8, division by zero is possible. Found by the Linux Verification Center linuxtesting.org with SVACE. Cherry-picked...

UBUNTU-CVE-2024-43359

ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder has a cross-site scripting vulnerability in the montagereview via the displayinterval, speed, and scale parameters. This vulnerability is fixed in 1.36.34 and 1.37.61...

CVE-2023-45484

Tenda AC10 version USAC10V4.0siV16.03.10.13cn was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGuestBasic...

CVE-2023-27239

Tenda AX3 V16.03.12.11 was discovered to contain a stack overflow via the shareSpeed parameter at /goform/WifiGuestSet...

CVE-2022-45646

Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the limitSpeedUp parameter in the formSetClientState function...

CVE-2022-24151

Tenda AX3 v16.03.12.10CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service DoS via the shareSpeed parameter...