Skip to main content
CVE-2026-2910 HIGH POC This Week

Stack-based buffer overflow in Tenda HG9 firmware's pingAddr parameter allows unauthenticated remote attackers to achieve code execution through the /boaform/formPing6 endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. The flaw carries high severity with complete compromise potential across confidentiality, integrity, and availability.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2909 HIGH POC This Week

Stack-based buffer overflow in the Diagnostic Ping Endpoint of Tenda HG9 firmware allows unauthenticated remote attackers to achieve code execution by supplying a malicious pingAddr parameter. The vulnerability exists in the /boaform/formPing component and is exploitable over the network with low complexity. Public exploit code exists and no patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2908 HIGH POC This Week

Stack-based buffer overflow in Tenda HG9 firmware's loopback detection endpoint allows remote attackers with valid credentials to achieve complete system compromise through manipulation of the Ethtype parameter. Public exploit code exists for this vulnerability, creating immediate risk in deployed environments. No patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2907 HIGH POC This Week

Remote code execution in Tenda HG9 firmware via stack buffer overflow in the GPON configuration endpoint allows authenticated attackers to achieve full system compromise through manipulation of LOID parameters. Public exploit code exists for this vulnerability, increasing the risk of active exploitation in deployed devices. No patch is currently available, making network segmentation and access controls critical for mitigation.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2906 HIGH POC This Week

Remote code execution in Tenda HG9 firmware via stack buffer overflow in the Samba configuration endpoint allows authenticated attackers to achieve complete system compromise through manipulation of the sambaCap parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. No patch is currently available.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2905 HIGH POC This Week

Stack buffer overflow in Tenda HG9 firmware's wireless configuration endpoint allows authenticated remote attackers to achieve arbitrary code execution through a malicious SSID parameter. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The vulnerability affects the /boaform/formWlanSetup component and currently has no available patch.

Buffer Overflow Stack Overflow Hg9 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2911 HIGH POC This Week

Buffer overflow in Tenda FH451 firmware versions up to 1.0.0.9 allows authenticated remote attackers to achieve code execution through crafted requests to the /goform/GstDhcpSetSer endpoint. Public exploit code exists for this vulnerability, and no patch is currently available, leaving all affected devices at risk.

Buffer Overflow Fh451 Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2904 HIGH POC This Week

Unauthenticated remote attackers can achieve complete system compromise through a buffer overflow in the UTT HiPER 810G firmware's /goform/ConfigExceptAli endpoint via unsafe string handling. Public exploit code is available for this vulnerability, increasing exploitation risk for unpatched devices. The flaw requires only network access and affects firmware version 1.7.7-171114 with no patch currently available.

Buffer Overflow 810g Firmware
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-2929 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware version 1.01.07 allows authenticated remote attackers to achieve arbitrary code execution by manipulating the submit-url parameter in the wireless access control endpoint. Public exploit code exists for this vulnerability, and no patch is currently available.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2927 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve code execution by manipulating the submit-url parameter in the Operation Mode Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with network access and valid credentials can leverage this flaw to fully compromise affected devices.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2926 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to execute arbitrary code by manipulating the submit-url parameter in the LTE Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can leverage this flaw to achieve complete system compromise including confidentiality, integrity, and availability breaches.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2925 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware versions up to 1.01.07 allows authenticated remote attackers to achieve complete system compromise through manipulation of the submit-url parameter in the Bridge VLAN Configuration endpoint. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker with valid credentials can execute arbitrary code with full system privileges.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-2928 HIGH POC This Week

Stack-based buffer overflow in D-Link DWR-M960 firmware (version 1.01.07) WLAN encryption configuration endpoint allows authenticated remote attackers to execute arbitrary code with high integrity and confidentiality impact. The vulnerability exists in the submit-url parameter handling within the /boafrm/formWlEncrypt component and has public exploit code available. No patch is currently available for this vulnerability.

D-Link Buffer Overflow Stack Overflow Dwr M960 Firmware
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2019-25443 HIGH POC This Week

Inventory Webapp contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through GET parameters. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25440 HIGH POC This Week

WebIncorp ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the prod_id parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25462 HIGH POC This Week

Web Ofisi Rent a Car v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'klima' parameter. [CVSS 8.2 HIGH]

SQLi Denial Of Service
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25433 HIGH POC This Week

XOOPS CMS 2.5.9 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cid parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25446 HIGH POC This Week

DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25439 HIGH POC This Week

NoviSmart CMS contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the Referer HTTP header field. [CVSS 8.2 HIGH]

SQLi Denial Of Service
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.1%
CVE-2019-25391 HIGH POC This Week

Ashop Shopping Cart Software contains a time-based blind SQL injection vulnerability that allows attackers to manipulate database queries through the blacklistitemid parameter. [CVSS 8.2 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2019-25366 HIGH POC This Week

microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. [CVSS 8.2 HIGH]

SQLi
NVD Exploit-DB
CVSS 3.1
8.2
EPSS
0.0%
CVE-2019-25457 HIGH POC This Week

Web Ofisi Firma v13 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'oz' array parameter. [CVSS 7.5 HIGH]

SQLi Firma
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25455 HIGH POC This Week

Web Ofisi E-Ticaret v3 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'a' parameter. Attackers can send GET requests to with malicious 'a' parameter values to extract sensitive database information. [CVSS 7.5 HIGH]

SQLi E Ticaret
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25452 HIGH POC This Week

Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. [CVSS 7.5 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25461 HIGH POC This Week

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' parameter. [CVSS 7.5 HIGH]

SQLi Platinum E Ticaret
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25460 HIGH POC This Week

Web Ofisi Platinum E-Ticaret v5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'q' GET parameter. [CVSS 7.5 HIGH]

SQLi Platinum E Ticaret
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25442 HIGH POC This Week

Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive database information. [CVSS 7.5 HIGH]

SQLi Web Wiz Forums
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.1%
CVE-2019-25450 HIGH POC This Week

Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. [CVSS 7.5 HIGH]

PHP SQLi
NVD Exploit-DB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2935 HIGH POC This Week

Remote code execution in UTT HiPER 810G firmware through version 1.7.7-171114 allows unauthenticated attackers to overflow a buffer via the remark parameter in the /goform/ConfigExceptMSN endpoint. Public exploit code is available and no patch has been released, creating immediate risk for exposed devices.

Buffer Overflow 810g Firmware
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy