Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to xmldom (CVE-2026-41672, CVE-2026-41673, CVE-2026-41674 & CVE-2026-41675)

Summary IBM App Connect Enterprise Connector Discovery and OpenAPI Editor, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise runtime are vulnerable to multiple vulnerabilities due to xmldom. Vulnerability Details CVEID:CVE-2026-41672 DESCRIPTION: xmldom is a pure...

CVE-2026-36786

Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36789

Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36793

The CVE-2026-36793 entry concerns Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204). The vulnerability comprises multiple stack overflows in the formwrlSSIDset function triggered via the mit_ssid and mis_ssid_index parameters, leading to Denial of Service through a crafte...

CVE-2026-36784

The CVE-2026-36784 entry concerns Shenzhen Tenda Technology Co. Ltd’s Tenda O3 Wireless Router (firmware v1.0.0.5(4180)). The issue is a stack overflow in the ip parameter of the fromNetToolGet function, which allows a Denial of Service via a crafted HTTP request. Connected documents confirm the ...

CVE-2026-36794

The CVE-2026-36794 entry concerns Shenzhen Tenda Technology Co., Ltd W3 Wireless Router version 1.0.0.3(2204). The vulnerability is described as multiple stack overflows in the R7WebsSecurityHandler function triggered via the username and password parameters, enabling a Denial of Service through ...

CVE-2026-36796

Tenda G0 firmware v15.11.0.5 from Shenzhen Tenda Technology Co. contains a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function, leading to a Denial of Service via a crafted HTTP request. This summary is based on CVE-2026-36796 entries from NVD and CVE listings. The...

PT-2026-48181

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, s2, s1 00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted...

PT-2026-48188

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36791

The CVE-2026-36791 issue affects Shenzhen Tenda Technology Co., Ltd’s Tenda O3v3 v1.0.0.5. A stack overflow in the save_list_data parameter of the formSetCfm function is described, enabling a Denial of Service (DoS) via a crafted HTTP request. The connected sources provide the same vulnerability ...

CVE-2026-36792

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36798

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36791

Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the savelistdata parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36783

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36778

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

CVE-2026-36770

CVE-2026-36770 affects Shenzhen Tenda Technology Co. device: Tenda US_W3V1.0BR v1.0.0.3. The vulnerability is a stack overflow in the Go parameter of the ask_to_reboot function, leading to Denial of Service through a crafted input. CVSS v3.1 base score is 7.5 (Network attack, Low attack complexit...

CVE-2026-36779

The CVE-2026-36779 entry concerns Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180). The vulnerability is described as multiple stack overflows in the fromVirtualSer function triggered via the parameters puVar2, puVar1, __s2, __s1_00, and puVar3, leading to a Denial of Se...

PT-2026-47931

Stack-based buffer overflow in Windows DHCP Client allows an unauthorized attacker to execute code over a network...

PT-2026-47851

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes...

PT-2026-48176

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wl radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...