VYPR

CVEs

38,011 total · page 18 of 761

  • CVE-2026-36815HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36813HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36811HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36810HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36809HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36808HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36807HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36806HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36805HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36803HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36802HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36801HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36800HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36799HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36797HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36796HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36794HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS)…

  • CVE-2026-36793HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mit_ssid and mis_ssid_index parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS)…

  • CVE-2026-36792HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36791HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36784HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a HTTP request.

  • CVE-2026-36783HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

  • CVE-2026-36779HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of…

  • CVE-2026-36771HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-36770HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2026-36723HigJun 9, 2026
    risk 0.57cvss 8.8epss 0.01

    An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables…

  • CVE-2026-36720HigJun 9, 2026
    risk 0.53cvss 8.1epss 0.00

    Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.

  • CVE-2026-36719HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs.

  • CVE-2025-55657HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2025-52293HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS data.

  • CVE-2025-52292HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.01

    A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.

  • CVE-2023-43688HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.

  • CVE-2023-29146HigJun 9, 2026
    risk 0.53cvss 8.2epss 0.00

    The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers…

  • CVE-2026-50636HigJun 9, 2026
    risk 0.50cvss 8.8epss 0.00

    The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited(), which concatenates the values directly into a tid IN ('...') SQL clause without parameterization or input validation. A remote,…

  • CVE-2026-50635HigJun 9, 2026
    risk 0.50cvss 8.8epss 0.00

    LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default (and documented) configuration, so LSHttpRequest::checkIsAllowedHost()…

  • CVE-2026-50512HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-50511HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    Improper link resolution before file access ('link following') in Microsoft PC Manager allows an authorized attacker to elevate privileges locally.

  • CVE-2026-48293HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-34708HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34707HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34706HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34702HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34701HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34700HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…

  • CVE-2026-34699HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34698HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34697HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34696HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

  • CVE-2026-34695HigJun 9, 2026
    risk 0.51cvss 7.8epss 0.00

    InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a…

  • CVE-2026-34693HigJun 9, 2026
    risk 0.52cvss 8.0epss 0.00

    Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or…