PT-2026-22611

Name of the Vulnerable Software and Affected Versions Tenda W20E version 4.0br V15.11.0.6 Description A buffer overflow issue exists in the addWewifiWhiteUser function of Tenda W20E routers. The issue is related to out-of-bounds write access within the userInfo parameter. Exploitation could allow...

CVE-2026-24111

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addAuthUser function and processed by sscanf without size validation, it could lead to buffer overflow...

CVE-2026-24112

An issue was discovered in Tenda W20E V4.0brV15.11.0.6. Attackers may exploit the vulnerability by specifying the value of userInfo. When userInfo is passed into the addWewifiWhiteUser function and processed by sscanf without size validation, it could lead to a buffer overflow vulnerability...

CVE-2019-12730

aareadheader in libavformat/aadec.c in FFmpeg before 3.2.14 and 4.x before 4.1.4 does not check for sscanf failure and consequently allows use of uninitialized variables...

CVE-2026-0640 Tenda AC23 PowerSaveSet sscanf buffer overflow

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could ...

CVE-2026-0640 Tenda AC23 PowerSaveSet sscanf buffer overflow

A weakness has been identified in Tenda AC23 16.03.07.52. This affects the function sscanf of the file /goform/PowerSaveSet. Executing a manipulation of the argument Time can lead to buffer overflow. The attack can be launched remotely. The exploit has been made available to the public and could ...

CVE-2025-15356

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit...

CVE-2025-15356 Tenda AC20 PowerSaveSet sscanf buffer overflow

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit...

CVE-2025-15356 Tenda AC20 PowerSaveSet sscanf buffer overflow

A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The impacted element is the function sscanf of the file /goform/PowerSaveSet. The manipulation of the argument powerSavingEn/time/powerSaveDelay/ledCloseType leads to buffer overflow. The attack can be initiated remotely. The exploit...

CVE-2025-15356

The vulnerability CVE-2025-15356 affects Tenda AC20 routers (firmware up to 16.03.08.12). The issue is in the sscanf call in /goform/PowerSaveSet, where improper handling of the arguments powerSavingEn, time, powerSaveDelay, and ledCloseType can lead to a buffer overflow. Remote exploitation is p...

SUSE CVE-2023-54057

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...

CVE-2023-54057

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...

CVE-2023-54057

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...

CVE-2023-54057 iommu/amd: Add a length limitation for the ivrs_acpihid command-line parameter

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Add a length limitation for the ivrsacpihid command-line parameter The 'acpiid' buffer in the parseivrsacpihid function may overflow, because the string specifier in the format string sscanf has no width limitation...

PT-2025-53055

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The parse ivrs acpihid function in the Linux kernel contains a buffer overflow issue due to a missing width limitation in the sscanf format string specifier when handling the acpiid...

CVE-2025-41732

An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...

CVE-2025-41730

An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkaccount function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...

CVE-2025-41732

An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...

CVE-2025-41732

An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkcookie function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...

CVE-2025-41730

An unauthenticated remote attacker can abuse unsafe sscanf calls within the checkaccount function to write arbitrary data into fixed-size stack buffers which leads to full device compromise...