Skip to main content

N A

456 CVEs product

Monthly

CVE-2026-36820 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. No public exploit identified at time of analysis, though a research repository documenting the flaw is referenced. The CVSS 7.5 (High) score reflects pure availability impact with no confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36819 HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-36818 HIGH This Week

Remote denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated network attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. EPSS scores exploitation probability at only 0.02% (4th percentile) and no public exploit code or active exploitation has been reported, though a research repository documenting the finding exists on GitHub. The vulnerability is not listed in CISA KEV.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36817 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser handler. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though a GitHub research repository documents the flaw. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity compromise.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36816 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows a buffer in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function, and EPSS is very low (0.02%, 4th percentile).

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36815 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing an oversized hostname parameter to the formSetNetCheckTools handler. The classic stack buffer overflow (CWE-120) currently shows no public exploit identified at time of analysis and a very low EPSS score of 0.01%, but the network-reachable management interface makes any exposed device trivially disruptable.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36813 HIGH This Week

Denial of service in Tenda W15E router firmware version 15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, and EPSS scoring of 0.01% indicates very low predicted exploitation probability, though a research repository hosting analysis artifacts exists on GitHub.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36811 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picName parameter to the formDelwebAuthPic handler. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at just 0.02% (4th percentile), but the affected SOHO/SMB router class is a frequent target once weaponized PoCs emerge.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36810 HIGH This Week

Denial of service in Tenda W15E v15.11.0.10 routers can be triggered by remote unauthenticated attackers sending a crafted HTTP request that overflows the gotoUrl parameter in the formPortalAuth function. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and at the time of analysis no public exploit identified at time of analysis though a proof-of-concept research repository is referenced. EPSS is very low (0.02%, 4th percentile), suggesting limited real-world exploitation interest despite the network-reachable attack surface.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36809 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%), but the network-reachable attack surface on a customer-premises router warrants timely mitigation. The flaw is limited to availability impact per the CVSS vector, with no confidentiality or integrity consequences claimed.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52292 HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted MP4 file that triggers a stack buffer overflow in the filein_process function. The flaw resides in in_file.c and impacts availability only, with no confirmed code-execution path; no public exploit identified at time of analysis, though POC details may surface via the linked infosec.exchange post.

Denial Of Service Stack Overflow Buffer Overflow N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36808 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. EPSS is extremely low at 0.02% and no public exploit identified at time of analysis beyond a research repository, though the affected component is the web administration interface of a SOHO/SMB router.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36807 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser handler. CVSS 7.5 reflects the network-reachable, no-auth attack path with high availability impact but no confidentiality or integrity loss, and EPSS is very low (0.01%) with no public exploit identified at time of analysis.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36806 HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36805 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers stack-based buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. CVSS 7.5 reflects the network-reachable, no-privilege availability impact, while EPSS sits at 0.01% (2nd percentile) and no public exploit identified at time of analysis indicates limited near-term opportunistic exploitation despite the easy attack profile.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36803 HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows a buffer in the page parameter of the qossetting function. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis beyond a research repository, but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) reflects easy network reachability against the router's web management interface. The flaw is not in CISA KEV.

Denial Of Service Buffer Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36802 HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the page parameter of the SafeMacFilter function. EPSS scores exploitation probability at just 0.02% (4th percentile), and no public exploit identified at time of analysis, though a research repository on GitHub references the vulnerable function.

Denial Of Service Buffer Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36801 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request to the formIPMacBindAdd handler with an oversized IPMacBindRule parameter. The flaw is a classic stack/heap buffer overflow (CWE-120) reachable over the network without authentication or user interaction, but its impact is limited to availability (CVSS 7.5, A:H only). No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Denial Of Service Buffer Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36800 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the IPMacBindIndex parameter handler of the formIPMacBindDel function. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.01%, 2nd percentile), but the network-reachable, no-auth attack surface on an edge networking device warrants attention from operators of affected hardware.

Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36799 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows the portalAuth parameter handled by the formPortalAuth function. No public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.01%), but a public proof-of-concept research repository on GitHub references the vulnerable function.

Buffer Overflow Tenda Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36798 MEDIUM This Month

Multiple stack-based buffer overflows in Tenda G0 router firmware v15.11.0.5 allow network-adjacent or remote attackers to crash the device by sending crafted HTTP requests to the `formSetDebugCfgr` debug configuration endpoint, with three independent overflow vectors (`enable`, `level`, `module` parameters) each capable of triggering a denial-of-service condition. The official CVSS vector includes UI:R, suggesting a possible CSRF-style delivery mechanism requiring an authenticated administrator to be tricked into issuing the malicious request, which meaningfully constrains exploitation compared to a purely unauthenticated remote attack. No public exploit confirmed in CISA KEV; an associated GitHub repository referenced in the CVE may contain proof-of-concept material, though EPSS remains extremely low at 0.01% (2nd percentile).

Tenda Stack Overflow Buffer Overflow Denial Of Service N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36797 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formIPMacBindModify handler via the IPMacBindRuleIp parameter. No public exploit identified at time of analysis, EPSS is very low (0.01%), and SSVC reports no observed exploitation, though CISA's SSVC marks the attack as automatable with partial technical impact.

Denial Of Service Tenda Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36796 HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picCropName parameter to the formCropAndSetWewifiPic handler. The flaw is a classic stack buffer overflow in the web management interface, and while no public weaponized exploit is identified, proof-of-concept research artifacts are published on GitHub. EPSS scores exploitation probability at just 0.01%, reflecting limited attacker interest despite trivial reachability.

Denial Of Service Tenda Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36794 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36793 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack-based buffer overflows in the formwrlSSIDset handler. The flaw is reachable without authentication or user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but EPSS is only 0.01% and no public exploit identified at time of analysis suggests low near-term mass-exploitation likelihood despite the trivial attack surface.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36792 HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing a malicious wl_radio parameter to the formWifiRadioSet function. EPSS scoring (0.01%, 2nd percentile) indicates very low real-world exploitation probability, and no public exploit identified at time of analysis beyond a research repository referencing the vulnerable function.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36791 HIGH This Week

Denial of service in Tenda O3v3 firmware v1.0.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formSetCfm handler. No public exploit identified at time of analysis, and EPSS is very low (0.01%), but the network-reachable, no-authentication attack surface on a CPE/router device makes this relevant for exposed deployments.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36784 HIGH This Week

Denial of service in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)) allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the ip parameter of the fromNetToolGet function. Publicly available exploit code exists in a GitHub research repository, though EPSS rates exploitation probability at only 0.02% and the issue is not on CISA KEV. Impact is limited to availability (the CVSS A:H, C:N, I:N profile), making this primarily a device-crash bug rather than a code-execution vector based on the reported analysis.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36783 HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36779 HIGH This Week

Denial of service in Tenda O3 Wireless Router firmware v1.0.0.5(4180) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack buffer overflows in the fromVirtualSer function. Five distinct overflow sinks (puVar2, puVar1, __s2, __s1_00, puVar3) are reachable via the same handler. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.01%, but a research repository with vulnerability artifacts is referenced.

Stack Overflow Tenda Denial Of Service Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36778 MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-36777 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36773 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) allows adjacent-network unauthenticated attackers to crash the device via a crafted Go parameter submitted to the ask_to_reboot function, resulting in a complete Denial of Service condition. The vulnerability carries a CVSS 6.5 score with High availability impact but no confidentiality or integrity loss, and the attack vector is constrained to adjacent network access. No public exploit confirmation or CISA KEV listing is present, and EPSS at 0.02% (5th percentile) indicates low observed exploitation probability at time of analysis.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36772 MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device by supplying an oversized wl_radio parameter to the formwrlSSIDget function. Impact is limited strictly to Denial of Service (availability loss); no confidentiality or integrity impact is possible per CVSS vector analysis. No public exploit identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02% (5th percentile), placing this firmly in the lower-priority tier despite the High availability impact rating.

Denial Of Service Buffer Overflow Stack Overflow Tenda N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36771 HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36770 HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36727 CRITICAL Act Now

Authentication bypass in bookcars v8.3 lets remote unauthenticated attackers forge JWT tokens against the /api/social-sign-in endpoint to impersonate arbitrary users. The flaw carries a CVSS 9.1 rating with no public exploit identified at time of analysis, though a third-party vulnerability writeup is referenced on GitHub. EPSS is very low (0.02%, 7th percentile), suggesting limited mass-scanning interest despite the high severity.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-36726 MEDIUM This Month

{file} endpoint, which fails to restrict path traversal sequences in the file parameter. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no privileges, and no user interaction from a network position. No public exploit identified at time of analysis, and the EPSS score of 0.12% (30th percentile) reflects low observed exploitation probability, though the no-auth attack surface warrants attention for publicly exposed deployments.

Path Traversal N A
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-36723 HIGH This Week

Remote code execution in BookCars v8.3 is achievable by authenticated attackers who abuse a path traversal flaw in the /api/create-user endpoint to rename and relocate files from temporary storage to attacker-chosen filesystem paths. The flaw is tagged as Authentication Bypass, Path Traversal, and RCE, and a public write-up exists in a third-party GitHub repository, though it is not listed in CISA KEV and EPSS is low at 0.17% (38th percentile).

RCE Path Traversal Authentication Bypass N A
NVD GitHub
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-36722 MEDIUM This Month

Arbitrary file upload via the /api/create-car-image endpoint in bookcars v8.3 enables server-side code execution by uploading a crafted file (e.g., a web shell). The vulnerability targets an image upload API that fails to restrict file types per CWE-434. No public exploit identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating negligible observed exploitation pressure - however, two data conflicts significantly affect confidence: the description asserts an authenticated attacker is required while the CVSS vector records PR:N (no privileges required), and the CVSS impact scores of C:L/I:L are inconsistent with the claimed remote code execution outcome.

RCE File Upload N A
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-55659 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 allows unauthenticated remote attackers to crash the application by delivering a crafted MP4 file that a user opens. The vulnerable function ctts_box_write in isomedia/box_code_base.c fails to validate a pointer before dereferencing it when processing a malformed Composition Time to Sample (ctts) box, resulting in a denial-of-service condition. No public exploit code or active exploitation has been identified; SSVC rates exploitation status as none, though delivery is rated automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55658 MEDIUM This Month

Denial-of-service in GPAC MP4Box v2.4 allows remote attackers to crash the multimedia tool via a crafted MP4 file that triggers a floating-point exception in the gf_opus_parse_packet_header function. No public exploit identified at time of analysis, and CISA has not listed this in KEV; SSVC scoring indicates exploitation has not been observed but the flaw is automatable with partial technical impact. CVSS 7.5 reflects high availability impact achievable without authentication or user interaction once a malicious file is processed.

Denial Of Service N A
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-55657 HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a malicious MP4 file that triggers a NULL pointer dereference in the VVC (Versatile Video Coding) configuration writer. The flaw resides in gf_odf_vvc_cfg_write_bs within odf/descriptors.c and requires no authentication or user privileges beyond convincing the target to process the crafted file. No public exploit identified at time of analysis, and SSVC indicates exploitation has not been observed despite the issue being automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-55651 MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file, enabling a Denial of Service against any user or pipeline that processes untrusted media with this tool. The flaw resides in gf_isom_get_user_data_count within isomedia/isom_read.c, where an unvalidated pointer is dereferenced during user-data atom counting. Publicly available exploit code exists as a crafted MP4 PoC, though no public exploit identified at time of analysis in CISA KEV and EPSS sits at the 5th percentile, suggesting minimal observed exploitation activity.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-38579 MEDIUM This Month

Multiple reflected Cross-Site Scripting vulnerabilities in damasac's thaipalliative_lte PHP application (through version 3.0) allow unauthenticated remote attackers to inject arbitrary JavaScript into victim browsers by crafting malicious URLs. The vulnerable file /substudy/ezform.php unsafely echoes four distinct user-controlled parameters - idFormMain, id (in two locations), and ptid_key - directly into HTML attributes and JavaScript contexts without output encoding. A proof-of-concept exists per SSVC data; however, EPSS is very low at 0.08% (23rd percentile) and exploitation is not confirmed by CISA KEV, suggesting limited widespread attacker interest at time of analysis.

PHP XSS N A
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.1%
CVE-2026-37737 MEDIUM This Month

CORS origin allowlist bypass in sanic-cors 2.2.0 and prior enables cross-origin access to authenticated resources by exploiting an unanchored regular expression in the origin-matching logic. The library's try_match() function in sanic_cors/core.py uses Python's re.match() - which matches only from the start of a string, not the full string - allowing an attacker who controls a domain prefixed with a trusted origin (e.g., trusted.example.com.attacker.com) to satisfy the allowlist check. Exploitation requires a victim user to visit an attacker-controlled page, placing this in a network-accessible, user-interaction-required threat model. No public exploit code has been identified at time of analysis, and no KEV listing exists.

Authentication Bypass N A
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-36500 CRITICAL Act Now

Directory traversal in the OpenDaylight Controller v12.0.5 cluster-admin:backup-datastore component allows unauthenticated remote attackers to read arbitrary files outside the intended backup directory via a crafted request. A public proof-of-concept exists on GitHub (majdlatah/ODL-Path-Traversal), though no active exploitation has been reported and EPSS scoring places real-world exploitation probability at the 16th percentile.

Path Traversal N A
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-36501 HIGH This Week

Denial of service in OpenDaylight Controller v12.0.5 allows remote unauthenticated attackers to crash or render the SDN controller unavailable by sending crafted input to the Externalizable.readExternal() deserialization component. No public exploit identified at time of analysis, but SSVC flags the flaw as automatable with partial technical impact, and the network attack vector with low complexity makes opportunistic abuse plausible despite a very low EPSS score (0.02%).

Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36785 HIGH This Week

Denial of service in Tenda FH451 V1.0.0.9 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the page parameter handler of the fromDhcpListClient function. EPSS exploitation probability is very low (0.01%, 3rd percentile) and no public exploit identified at time of analysis, though proof-of-concept artifacts appear to be hosted in a public GitHub research repository. The flaw is not listed in CISA KEV.

Denial Of Service Tenda Stack Overflow Buffer Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35904 CRITICAL Act Now

Unauthenticated Telnet service activation in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows remote attackers to enable Telnet by sending a crafted request to a vulnerable CGI component in the web management interface. SSVC scores the technical impact as total with automatable exploitation and a public proof-of-concept available, although EPSS remains low at 0.02% and the CVE is not currently listed in CISA KEV.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-44393 PyPI HIGH PATCH GHSA This Week

Man-in-the-middle attack against OpenStack oslo.messaging 1.0.0 through 17.3.0 is possible because the RabbitMQ driver validates the certificate chain but skips TLS hostname verification, letting any cert signed by the deployment CA impersonate the broker. An attacker positioned on the control-plane network can intercept and tamper with RPC and notification traffic between OpenStack services, with no public exploit identified at time of analysis but a credible POC pathway documented in OSSN-0096.

Information Disclosure N A
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-38570 HIGH This Week

Denial of service in BACnet Stack 1.3.1 occurs through an out-of-bounds read in the bacnet_tag_number_decode function, allowing remote attackers to crash affected building automation systems by sending crafted BACnet protocol messages. No public exploit identified at time of analysis, and EPSS scores the exploitation probability at a very low 0.02%, though the network-reachable nature of BACnet deployments in critical infrastructure warrants attention.

Buffer Overflow Information Disclosure Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-36182 CRITICAL Act Now

Weak password hashing on the GNCC GP5 IP camera (firmware v7.1.76) allows attackers who obtain the password hash to recover the root credential via offline brute-force, yielding full device takeover. The CVSS 9.8 score reflects network-reachable impact, but real-world exploitation first requires extracting the hash from the device; no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36180 MEDIUM This Month

Runtime integrity bypass on GNCC GP5 firmware v7.1.76 enables a physically-proximate unauthenticated attacker to circumvent file system read-only protections via a bind-mount attack, allowing arbitrary modification of system files and binaries for the current boot session. The device, an IoT platform, lacks enforcement of filesystem immutability at runtime, meaning a read-only mount can be shadowed by a writable bind-mount without detection. No public exploit has been confirmed beyond the published IoT vulnerability research linked in references, and exploitation probability is very low at 0.02% EPSS (4th percentile), consistent with the physical-access requirement.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-36178 MEDIUM This Month

Factory reset in GNCC GP5 firmware v7.1.76 fails to purge cryptographic material from the JFFS2 configuration partition, leaving sensitive user data recoverable after a reset operation. An attacker with physical access to a reset device - such as a discarded, resold, or stolen unit - can read the raw flash storage and extract retained secrets. No public exploit identified at time of analysis as KEV-confirmed active exploitation, though a publicly available proof-of-concept exists per SSVC data and researcher publication.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-36176 HIGH This Week

Plaintext exposure of pre-signed Backblaze B2 upload URLs in GNCC GP5 camera firmware v7.1.76 allows physically-proximate attackers with serial UART access to harvest live cloud storage tokens. The leaked PUT URLs enable unauthorized write operations against the device's Backblaze B2 cloud storage bucket until the tokens expire. No public exploit identified at time of analysis, though a public research write-up describing the issue is referenced.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-36175 MEDIUM This Month

U-Boot bootloader authentication bypass on GNCC GP5 v7.1.76 grants a physically-proximate attacker full root access to the device by interrupting the boot sequence and injecting crafted kernel boot arguments. The vulnerability stems from insufficient input validation in the bootloader's handling of kernel command-line parameters, allowing an attacker to override security controls set during the normal boot process. Publicly available exploit code exists via a GitHub IoT vulnerability research repository; no CISA KEV listing has been identified at time of analysis, consistent with the physical-access prerequisite limiting widespread automated exploitation.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.1%
CVE-2026-36174 MEDIUM This Month

Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
4.6
EPSS
0.0%
CVE-2026-35906 CRITICAL Act Now

Unauthenticated remote command execution affects T3 Technology CPE routers (models T625Pro v1.0.07 and T6825G v1.0.03) through an undocumented debug CGI endpoint that processes attacker-supplied query strings as root-level shell commands. SSVC characterizes this as POC-available with total technical impact, and a public advisory has been published on GitHub, though it is not currently listed in CISA KEV.

Command Injection N A
NVD GitHub
CVSS 3.1
9.6
EPSS
0.1%
CVE-2026-35905 CRITICAL Act Now

Hardcoded root credentials in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allow remote unauthenticated attackers to gain full root-level control via the built-in 'superadmin' account. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation with total impact to confidentiality, integrity, and availability, and SSVC marks the issue as automatable with total technical impact. No public exploit identified at time of analysis, and EPSS remains very low (0.02%) despite the severity, suggesting limited current scanning activity.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-36748 CRITICAL Act Now

Stored cross-site scripting in RockRMS versions 16.13 and earlier through 17.7.0 allows authenticated attackers to inject malicious JavaScript via the Social Media links field in user profiles, leading to privilege escalation when administrators view the profile. According to the Raxis disclosure referenced in this CVE, the flaw enables session hijacking and account takeover of higher-privileged users. There is no public exploit identified at time of analysis, but a detailed technical write-up is publicly available describing the attack path.

XSS N A
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-36603 HIGH This Week

Unauthenticated UPnP abuse in Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909 allows any device on the LAN to invoke 15 of 18 UPnP IGD actions on port 1900, including AddPortMapping and GetExternalIPAddress, without authentication. Because UPnP is enabled by default, an attacker with adjacent network access can punch arbitrary holes through the WAN firewall and enumerate external network state. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but the misconfiguration is trivially abusable once on the LAN.

Authentication Bypass N A
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-36602 MEDIUM This Month

Kernel pointer disclosure in the Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909 allows unauthenticated adjacent-network attackers to obtain raw MIPS KSEG0 kernel addresses through the UPnP GetStatusInfo action, effectively defeating kernel address-space layout randomization on the device. The leaked pointer reveals the kernel memory map and is most useful as a precursor to a more severe exploit chain rather than as a standalone attack - its primary value is enabling reliable offset calculation for subsequent memory corruption attacks. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and the vulnerability is not listed in CISA KEV.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-36460 MEDIUM This Month

Stored Cross-Site Scripting in Dovestones Softwares ADPhonebook before v4.0.1.1 permits authenticated admin users to inject persistent JavaScript payloads via the /Admin/Save API endpoint. Because multiple configuration sections lack input validation and output encoding, injected scripts survive across sessions and execute in any victim's browser when the affected configuration pages are loaded, with CVSS scope change (S:C) confirming cross-user impact beyond the planting admin. No public exploitation identified at time of analysis; EPSS is 0.02% (5th percentile), though a publicly available proof-of-concept gist exists at the referenced GitHub URL.

XSS N A
NVD GitHub VulDB
CVSS 3.1
4.8
EPSS
0.0%
CVE-2026-36574 HIGH This Week

Local privilege escalation and arbitrary code execution in Wassimulator CactusViewer v2.3.0 (Windows) occurs through DLL hijacking, where the application loads a malicious DLL from a writable directory instead of the legitimate library. Exploitation requires user interaction to launch the application after an attacker plants the crafted DLL, and no public exploit identified at time of analysis. EPSS rates exploitation probability at just 0.02% (5th percentile), reflecting the niche user base of this open-source image viewer.

RCE N A
NVD GitHub VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-30650 HIGH This Week

Remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows authenticated attackers to gain root-level command execution by triggering a buffer overflow in the /cgi-bin/admin/eventtask.cgi admin endpoint. Publicly available exploit code exists in a GitHub research repository, though EPSS scoring (0.09%, 25th percentile) suggests low observed exploitation activity and the CVE is not listed in CISA KEV.

Buffer Overflow RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-38978 MEDIUM This Month

Transmission BitTorrent client through version 4.1.1 fails to emit anti-clickjacking HTTP response headers on its browser-facing WebUI and RPC endpoint, enabling an attacker to embed the interface in a cross-origin iframe and redirect authenticated user interactions to unintended RPC actions. The fix confirmed in upstream PR #8747 adds both X-Frame-Options: SAMEORIGIN and Content-Security-Policy: frame-ancestors 'self' to all relevant responses. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) indicates low current exploitation interest.

Information Disclosure N A Suse
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-35718 MEDIUM This Month

Path traversal in VIVOTEK FD8136-VVTK firmware 0300a exposes the full device filesystem to authenticated low-privilege attackers via the /admin/downloadMedias.cgi endpoint. An attacker holding any valid credential can craft a request with directory traversal sequences to read arbitrary files - including configuration data, credentials, or private keys stored on the device. No confirmed active exploitation (not in CISA KEV), but a vulnerability research repository on GitHub exists for this CVE, and EPSS is very low at 0.02%, suggesting limited widespread attacker awareness at time of analysis.

Path Traversal N A
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-35716 MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 firmware FD8136-VVTK-0300a grants authenticated remote attackers root-level code execution by supplying an oversized POST parameter to any of three symlinked CGI admin endpoints. The vulnerable `motion_privacy.cgi` binary copies the `n1` parameter into a fixed 164-byte (0xa4) stack buffer with no bounds check and no stack canary protection, overwriting the saved link register and diverting execution to attacker-controlled code. A public proof-of-concept is available on GitHub; no active exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow RCE Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-30652 HIGH This Week

Authenticated remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows attackers with valid admin-interface credentials to overflow a buffer in the /cgi-bin/dido/setdo.cgi endpoint and execute arbitrary code as root. No public exploit identified at time of analysis, though a vulnerability research repository on GitHub describes the issue, and EPSS estimates exploitation probability at 0.05% (17th percentile), suggesting low broad-scale exploitation interest despite the high CVSS 8.8 score.

Buffer Overflow RCE N A
NVD GitHub VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-30649 HIGH This Week

Remote code execution in VIVOTEK FD8136 network camera (firmware VVTK-0300a) is possible via a stack-based buffer overflow in the set_getparam.cgi component, reachable over the network without authentication. CVSS 7.3 reflects partial CIA impact, but the presence of public vulnerability-research artifacts on GitHub indicates publicly available exploit code exists, while EPSS remains low at 0.05% (17th percentile) and the issue is not currently listed in CISA KEV.

Buffer Overflow RCE Stack Overflow N A
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-37225 HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process listening on TCP port 36422 by sending a malformed E42_RIC_SUBSCRIPTION_REQUEST containing an empty ricEventTriggerDefinition field. The bug stems from inconsistent validation between the E42 decoder and the downstream E2AP encoder, which aborts via SIGABRT on the missing constraint. No public exploit identified at time of analysis, but the trivial trigger condition (single crafted message, no authentication) makes opportunistic disruption of O-RAN near-RT RIC deployments realistic.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-70099 HIGH POC This Week

Denial of service in lwext4 1.0.0 allows remote attackers to crash applications by supplying a malformed EXT4 filesystem image that triggers a NULL pointer dereference in ext4_dir_en_get_name_len during directory iteration. The flaw affects the 2016-era lwext4 codebase commonly embedded in IoT, bootloaders, and forensic tools that mount untrusted EXT4 images. Publicly available exploit code exists, though EPSS rates real-world exploitation probability as very low (0.02%, 4th percentile).

Null Pointer Dereference Denial Of Service N A
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-38950 HIGH This Week

Arbitrary code execution in ESA AnomalyMatch before 1.3.1 allows local attackers with low privileges to run code under the application's process by planting a malicious PyTorch checkpoint into a session directory, which is loaded via torch.load() with weights_only=False. No public exploit is identified at time of analysis, but the upstream fix (PR #9) and a third-party advisory (imlabs.info) confirm the unsafe-deserialization root cause and the migration to safetensors.

Checkpoint RCE Deserialization N A
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-37227 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC process by sending a decodable E2AP PDU (such as E2nodeConfigurationUpdate) to port 36421, triggering an unconditional assert(0) in stub handlers for whitelisted-but-unimplemented message types. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with SSVC indicating automatable exploitation and partial technical impact; no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37224 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp process on TCP/36421 by sending two E2_SETUP_REQUEST messages reusing the same E2 node configuration, abusing an assert()-based uniqueness check that triggers SIGABRT. The flaw affects FlexRIC, the open-source Near-RT RIC implementation from Eurecom's Mosaic5G project, with CVSS 7.5 reflecting high availability impact and no public exploit identified at time of analysis.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37223 HIGH This Week

Remote unauthenticated denial of service in FlexRIC v2.0.0 allows attackers to crash the entire near-RT RIC service by sending any decodable E2AP PDU with a message type outside the 9-entry whitelist to TCP port 36422. The iApp dispatcher uses assert() for validation, so an unexpected message type triggers SIGABRT in the shared iApp/RIC process, disconnecting all E2 Nodes and xApps. No public exploit identified at time of analysis, but the trivial attack complexity (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a credible operational risk for O-RAN testbeds and lab deployments.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-37222 HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC (port 36421) or iApp (port 36422) by sending a valid E2AP PDU containing an unexpected number of Information Elements, triggering a SIGABRT via overly strict hardcoded assertions. The flaw affects open-source O-RAN near-real-time RAN Intelligent Controller deployments used in 5G research and testbeds, and no public exploit has been identified at time of analysis. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity loss.

Denial Of Service N A
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-39292 HIGH This Week

Remote code execution in Falco Solutions PHPageBuilder v0.31.0 is possible through an unrestricted file upload flaw in the pagemanager/pagebuilder module, enabling unauthenticated remote attackers to upload arbitrary executable files (typically PHP webshells) and run code on the underlying web server. Publicly available exploit code exists in a dedicated GitHub repository, though EPSS scoring (0.06%, 18th percentile) and SSVC indicate no observed in-the-wild exploitation despite the attack being fully automatable.

File Upload RCE N A
NVD GitHub
CVSS 3.1
7.3
EPSS
0.1%
CVE-2026-30761 HIGH This Week

Arbitrary file upload in SourceBans Material Admin v1.1.6 allows remote unauthenticated attackers to achieve code execution by uploading a crafted image file to the pages/admin.uploadmapimg.php endpoint. The flaw is tagged as a PHP RCE vector and has public proof-of-concept gists referenced on GitHub, though it is not listed in CISA KEV and carries a very low EPSS exploitation probability (0.02%, 5th percentile).

File Upload RCE PHP N A
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-30760 HIGH This Week

Arbitrary user data manipulation in SourceBans Material Admin web application before v1.1.6 (commit 3ecd95e) allows remote unauthenticated attackers to alter other users' records by sending crafted XAJAX calls. The flaw stems from insufficient input validation (CWE-20) in the XAJAX request handler and is tagged as an Information Disclosure issue. No public exploit has been identified at time of analysis, and EPSS scores the likelihood of near-term exploitation at only 0.02% (5th percentile).

Information Disclosure N A
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-68708 LOW Monitor

PIN lock bypass in SailingLab AppLock 4.3.8 for Android exposes protected applications to anyone with brief physical device access. The root cause is architectural: the lock is implemented as a screen overlay rather than through Android's secure authentication APIs, meaning the underlying apps remain accessible via exposed intent routes triggered through advertisement or browser interactions. An attacker with physical access can navigate cascading UI flows to dismiss or circumvent the overlay entirely, gaining access to locked apps such as Chrome, resulting in information disclosure and unintended privilege escalation. No public exploit is confirmed in CISA KEV, but a researcher disclosure is publicly available on GitHub, and EPSS is negligible at 0.04% (11th percentile), consistent with the physical-access-only attack vector.

Information Disclosure Privilege Escalation Google N A Chrome
NVD GitHub
CVSS 3.1
2.4
EPSS
0.0%
CVE-2025-68710 LOW Monitor

PIN lock bypass in Easyelife App Lock 1.9.2 for Android allows a local attacker with physical device access to reach applications that were supposedly secured behind a PIN. The root cause is architectural: the lock is implemented as a UI overlay rather than through Android's native secure authentication APIs (BiometricPrompt, KeyguardManager), meaning it can be circumvented by triggering advertisement or browser intents that cause the app to navigate cascading activity flows, effectively routing around the overlay. EPSS is very low at 0.05% (16th percentile), no public exploit is confirmed in CISA KEV, and a researcher disclosure with likely proof-of-concept steps is publicly available on GitHub.

Google Information Disclosure Privilege Escalation N A Chrome
NVD GitHub
CVSS 3.1
2.4
EPSS
0.1%
CVE-2025-68709 MEDIUM This Month

Arbitrary JavaScript execution in SailingLab AppLock 4.3.8 for Android is triggered by a malicious co-installed app sending a crafted VIEW intent with a javascript: URI to the exposed BrowserMainActivity component. Because AppLock operates with elevated permissions by design (it restricts access to other apps), this unsafe WebView navigation path creates a changed-scope impact: script execution occurs within AppLock's privilege context, enabling UI spoofing and potential privilege escalation beyond what a normal app could achieve. No public exploit identified at time of analysis beyond the publicly available proof-of-concept published by the reporter on GitHub.

XSS Google Privilege Escalation N A
NVD GitHub
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-48689 CRITICAL Act Now

Remote code execution in FastNetMon Community Edition through 1.2.9 stems from an off-by-one heap write in the pervasively-used dynamic_binary_buffer_t class, reachable by anyone who can send NetFlow, sFlow, IPFIX, or BGP traffic to the DDoS-detection appliance. Because the flawed buffer is exercised during BGP encoding/decoding, NetFlow template parsing, and Flow Spec NLRI construction, an unauthenticated network attacker can corrupt adjacent heap metadata and potentially execute arbitrary code. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

RCE Buffer Overflow Memory Corruption N A
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2026-48696 MEDIUM This Month

Buffer overflow in FastNetMon Community Edition through 1.2.9 allows a local attacker with no privileges to crash the FastNetMon process, disabling DDoS detection and network monitoring capabilities. The vulnerability is specifically tied to a sprintf-based overflow in the ExaBGP integration component, as documented in the Lorikeetsecurity advisory. This is one of at least three distinct buffer overflow vulnerabilities (alongside CVE-2026-48686 and CVE-2026-48689) identified in the same product version, suggesting a broader audit surfaced a class of unsafe string-handling bugs. No public exploit identified at time of analysis, and the impact is limited to availability (denial of service) with no confidentiality or integrity exposure.

Buffer Overflow N A
NVD GitHub
CVSS 3.1
6.2
EPSS
0.0%
CVE-2026-48695 HIGH This Week

OS command injection in FastNetMon Community Edition through 1.2.9 lets an authenticated network attacker execute arbitrary shell commands via the MikroTik router integration plugin by influencing argv[] values passed to the unsanitized _log() function. The flaw mirrors a previously disclosed Juniper plugin issue in the same project, and while a public technical write-up exists at lorikeetsecurity.com, no public exploit code or active exploitation has been identified, with EPSS at 0.05% (17th percentile).

PHP Mikrotik Juniper Command Injection N A
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2026-48694 HIGH This Week

Configuration injection in FastNetMon Community Edition through 1.2.9 allows an attacker who controls the attacker IP string passed to the Juniper integration plugin to inject arbitrary Juniper NETCONF set/delete commands, leading to full router compromise. The flaw lives in the PHP-based Juniper plugin where unsanitized argv input is interpolated into NETCONF commands, and although no public exploit identified at time of analysis (EPSS 0.03%), the technical impact is rated total under SSVC and CVSS scores 8.1.

PHP Juniper Command Injection N A
NVD GitHub VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-48697 HIGH This Week

Man-in-the-middle interception of telemetry traffic affects FastNetMon Community Edition through version 1.2.9 due to missing TLS certificate validation in outbound HTTPS connections. Network-positioned attackers can intercept, modify, or redirect telemetry data sent to community-stats.fastnetmon.com - including system fingerprints, kernel version, traffic statistics, and configuration details - and potentially serve malicious responses. EPSS is very low (0.01%), and there is no public exploit identified at time of analysis, though a technical write-up by Lorikeet Security details the root cause.

OpenSSL Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-48693 MEDIUM This Month

Local symlink exploitation in FastNetMon Community Edition through 1.2.9 allows a low-privileged local attacker to overwrite arbitrary files as the process user, which is typically root. The statistics output path is hardcoded to the predictable world-accessible location /tmp/fastnetmon.dat, written via std::ios::trunc without O_NOFOLLOW or symlink validation, and the daemon sets umask to 0 at startup making all created files world-writable. A secondary chmod() bug further misapplies permissions to the wrong path. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, but the typical root execution context makes this a reliable local privilege escalation primitive despite the moderate CVSS score.

Information Disclosure N A
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. No public exploit identified at time of analysis, though a research repository documenting the flaw is referenced. The CVSS 7.5 (High) score reflects pure availability impact with no confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. The CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) reflects easy network-based exploitation with high availability impact but no confidentiality or integrity loss, and no public exploit identified at time of analysis beyond a research repository reference.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Tenda W20E router firmware v15.11.0.6 allows unauthenticated network attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. EPSS scores exploitation probability at only 0.02% (4th percentile) and no public exploit code or active exploitation has been reported, though a research repository documenting the finding exists on GitHub. The vulnerability is not listed in CISA KEV.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser handler. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis, though a GitHub research repository documents the flaw. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity compromise.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows a buffer in the wewifiWhiteUserInfo parameter handled by the formAddWewifiWhiteUser function. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function, and EPSS is very low (0.02%, 4th percentile).

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing an oversized hostname parameter to the formSetNetCheckTools handler. The classic stack buffer overflow (CWE-120) currently shows no public exploit identified at time of analysis and a very low EPSS score of 0.01%, but the network-reachable management interface makes any exposed device trivially disruptable.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware version 15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. No public exploit identified at time of analysis, and EPSS scoring of 0.01% indicates very low predicted exploitation probability, though a research repository hosting analysis artifacts exists on GitHub.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picName parameter to the formDelwebAuthPic handler. No public exploit identified at time of analysis, and EPSS rates real-world exploitation probability at just 0.02% (4th percentile), but the affected SOHO/SMB router class is a frequent target once weaponized PoCs emerge.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E v15.11.0.10 routers can be triggered by remote unauthenticated attackers sending a crafted HTTP request that overflows the gotoUrl parameter in the formPortalAuth function. The CVSS 7.5 score reflects high availability impact with no confidentiality or integrity loss, and at the time of analysis no public exploit identified at time of analysis though a proof-of-concept research repository is referenced. EPSS is very low (0.02%, 4th percentile), suggesting limited real-world exploitation interest despite the network-reachable attack surface.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. No public exploit identified at time of analysis and EPSS exploitation probability is very low (0.02%), but the network-reachable attack surface on a customer-premises router warrants timely mitigation. The flaw is limited to availability impact per the CVSS vector, with no confidentiality or integrity consequences claimed.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a crafted MP4 file that triggers a stack buffer overflow in the filein_process function. The flaw resides in in_file.c and impacts availability only, with no confirmed code-execution path; no public exploit identified at time of analysis, though POC details may surface via the linked infosec.exchange post.

Denial Of Service Stack Overflow Buffer Overflow +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. EPSS is extremely low at 0.02% and no public exploit identified at time of analysis beyond a research repository, though the affected component is the web administration interface of a SOHO/SMB router.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser handler. CVSS 7.5 reflects the network-reachable, no-auth attack path with high availability impact but no confidentiality or integrity loss, and EPSS is very low (0.01%) with no public exploit identified at time of analysis.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W15E router firmware v15.11.0.10 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. No public exploit identified at time of analysis, and EPSS scoring places exploitation probability at just 0.01% (2nd percentile), suggesting low near-term mass-exploitation likelihood despite the network-reachable attack surface. The flaw is not listed in CISA KEV.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers stack-based buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. CVSS 7.5 reflects the network-reachable, no-privilege availability impact, while EPSS sits at 0.01% (2nd percentile) and no public exploit identified at time of analysis indicates limited near-term opportunistic exploitation despite the easy attack profile.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows a buffer in the page parameter of the qossetting function. EPSS is very low (0.02%, 4th percentile) and no public exploit identified at time of analysis beyond a research repository, but the CVSS 7.5 (AV:N/AC:L/PR:N/UI:N/A:H) reflects easy network reachability against the router's web management interface. The flaw is not in CISA KEV.

Denial Of Service Buffer Overflow Tenda +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda PW201A v1.0.5 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the page parameter of the SafeMacFilter function. EPSS scores exploitation probability at just 0.02% (4th percentile), and no public exploit identified at time of analysis, though a research repository on GitHub references the vulnerable function.

Denial Of Service Buffer Overflow Tenda +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request to the formIPMacBindAdd handler with an oversized IPMacBindRule parameter. The flaw is a classic stack/heap buffer overflow (CWE-120) reachable over the network without authentication or user interaction, but its impact is limited to availability (CVSS 7.5, A:H only). No public exploit identified at time of analysis and EPSS exploitation probability is negligible at 0.01%.

Denial Of Service Buffer Overflow Tenda +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a buffer overflow in the IPMacBindIndex parameter handler of the formIPMacBindDel function. No public exploit identified at time of analysis, and EPSS exploitation probability is very low (0.01%, 2nd percentile), but the network-reachable, no-auth attack surface on an edge networking device warrants attention from operators of affected hardware.

Tenda Denial Of Service Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that overflows the portalAuth parameter handled by the formPortalAuth function. No public exploit is identified at time of analysis and EPSS exploitation probability is very low (0.01%), but a public proof-of-concept research repository on GitHub references the vulnerable function.

Buffer Overflow Tenda Denial Of Service +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Multiple stack-based buffer overflows in Tenda G0 router firmware v15.11.0.5 allow network-adjacent or remote attackers to crash the device by sending crafted HTTP requests to the `formSetDebugCfgr` debug configuration endpoint, with three independent overflow vectors (`enable`, `level`, `module` parameters) each capable of triggering a denial-of-service condition. The official CVSS vector includes UI:R, suggesting a possible CSRF-style delivery mechanism requiring an authenticated administrator to be tricked into issuing the malicious request, which meaningfully constrains exploitation compared to a purely unauthenticated remote attack. No public exploit confirmed in CISA KEV; an associated GitHub repository referenced in the CVE may contain proof-of-concept material, though EPSS remains extremely low at 0.01% (2nd percentile).

Tenda Stack Overflow Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formIPMacBindModify handler via the IPMacBindRuleIp parameter. No public exploit identified at time of analysis, EPSS is very low (0.01%), and SSVC reports no observed exploitation, though CISA's SSVC marks the attack as automatable with partial technical impact.

Denial Of Service Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda G0 router firmware v15.11.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request with an oversized picCropName parameter to the formCropAndSetWewifiPic handler. The flaw is a classic stack buffer overflow in the web management interface, and while no public weaponized exploit is identified, proof-of-concept research artifacts are published on GitHub. EPSS scores exploitation probability at just 0.01%, reflecting limited attacker interest despite trivial reachability.

Denial Of Service Tenda Buffer Overflow +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows unauthenticated remote attackers to crash the device by sending crafted HTTP requests with oversized username or password parameters that overflow stack buffers in the R7WebsSecurityHandler function. The flaw affects the router's web management interface and carries a CVSS 7.5 (availability-only impact); no public exploit identified at time of analysis and EPSS exploitation probability is very low at 0.01%.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack-based buffer overflows in the formwrlSSIDset handler. The flaw is reachable without authentication or user interaction (CVSS 7.5, AV:N/AC:L/PR:N), but EPSS is only 0.01% and no public exploit identified at time of analysis suggests low near-term mass-exploitation likelihood despite the trivial attack surface.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda W3 Wireless Router firmware v1.0.0.3(2204) allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request containing a malicious wl_radio parameter to the formWifiRadioSet function. EPSS scoring (0.01%, 2nd percentile) indicates very low real-world exploitation probability, and no public exploit identified at time of analysis beyond a research repository referencing the vulnerable function.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda O3v3 firmware v1.0.0.5 allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack buffer overflow in the formSetCfm handler. No public exploit identified at time of analysis, and EPSS is very low (0.01%), but the network-reachable, no-authentication attack surface on a CPE/router device makes this relevant for exposed deployments.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in the Tenda O3 Wireless Router (firmware v1.0.0.5(4180)) allows unauthenticated remote attackers to crash the device by sending a crafted HTTP request that triggers a stack-based buffer overflow in the ip parameter of the fromNetToolGet function. Publicly available exploit code exists in a GitHub research repository, though EPSS rates exploitation probability at only 0.02% and the issue is not on CISA KEV. Impact is limited to availability (the CVSS A:H, C:N, I:N profile), making this primarily a device-crash bug rather than a code-execution vector based on the reported analysis.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service via stack buffer overflow affects the Tenda O3 wireless router firmware v1.0.0.5(4180), where the fromNetToolGet handler fails to bound-check the domain parameter supplied in HTTP requests. Remote attackers can crash the router's web management service by sending a crafted request, disrupting network connectivity for downstream clients. SSVC flags the issue as proof-of-concept with automatable exploitation and partial technical impact, though EPSS remains low at 0.01% and no in-the-wild exploitation has been confirmed.

Tenda Denial Of Service Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda O3 Wireless Router firmware v1.0.0.5(4180) allows remote unauthenticated attackers to crash the device by sending crafted HTTP requests that trigger stack buffer overflows in the fromVirtualSer function. Five distinct overflow sinks (puVar2, puVar1, __s2, __s1_00, puVar3) are reachable via the same handler. No public exploit identified at time of analysis, and EPSS rates exploitation likelihood at 0.01%, but a research repository with vulnerability artifacts is referenced.

Stack Overflow Tenda Denial Of Service +2
NVD GitHub
EPSS 0% CVSS 4.9
MEDIUM This Month

Stack-based buffer overflow in Tenda O3 Wireless Router firmware v1.0.0.5(4180) enables authenticated remote attackers to crash the device by submitting an oversized username value to the R7WebsSecurityHandler HTTP handler. The CVSS vector (PR:H) confirms that exploitation requires high-privilege authentication, constraining the attack surface to compromised admin credentials or insider threat scenarios. No public exploit identified at time of analysis and EPSS sits at the 2nd percentile (0.01%), reflecting low observed exploitation interest.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device via the formSetCfm HTTP endpoint. The vulnerability resides in the param_1 parameter of the formSetCfm function, where insufficient input validation allows a crafted HTTP request to overflow a stack buffer, resulting in a Denial of Service. A public GitHub repository linked in the references (xhh0124/SemVulLLM) appears to document or demonstrate the issue; no public exploit identified at time of analysis beyond that reference, and the EPSS score of 0.01% (2nd percentile) reflects very low exploitation probability.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) allows adjacent-network unauthenticated attackers to crash the device via a crafted Go parameter submitted to the ask_to_reboot function, resulting in a complete Denial of Service condition. The vulnerability carries a CVSS 6.5 score with High availability impact but no confidentiality or integrity loss, and the attack vector is constrained to adjacent network access. No public exploit confirmation or CISA KEV listing is present, and EPSS at 0.02% (5th percentile) indicates low observed exploitation probability at time of analysis.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Stack-based buffer overflow in the Tenda W3 Wireless Router v1.0.0.3(2204) enables adjacent-network unauthenticated attackers to crash the device by supplying an oversized wl_radio parameter to the formwrlSSIDget function. Impact is limited strictly to Denial of Service (availability loss); no confidentiality or integrity impact is possible per CVSS vector analysis. No public exploit identified at time of analysis, and EPSS exploitation probability is extremely low at 0.02% (5th percentile), placing this firmly in the lower-priority tier despite the High availability impact rating.

Denial Of Service Buffer Overflow Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Denial-of-service in the Tenda W3 Wireless Router (firmware v1.0.0.3(2204)) allows remote unauthenticated attackers to crash the device by sending crafted input to the wl_radio parameter of the formwrlSSIDset function, triggering a stack-based buffer overflow. Publicly available exploit research exists in a GitHub repository, but no public exploit identified for weaponized use at time of analysis and the issue is not listed in CISA KEV. The CVSS 7.5 score reflects high availability impact without confidentiality or integrity loss.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Tenda US_W3V1.0BR router firmware v1.0.0.3 allows unauthenticated network attackers to crash the device by sending a crafted value in the 'Go' parameter to the ask_to_reboot function, triggering a stack-based buffer overflow. No public exploit identified at time of analysis, though a third-party research repository on GitHub references the vulnerable function.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Authentication bypass in bookcars v8.3 lets remote unauthenticated attackers forge JWT tokens against the /api/social-sign-in endpoint to impersonate arbitrary users. The flaw carries a CVSS 9.1 rating with no public exploit identified at time of analysis, though a third-party vulnerability writeup is referenced on GitHub. EPSS is very low (0.02%, 7th percentile), suggesting limited mass-scanning interest despite the high severity.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

{file} endpoint, which fails to restrict path traversal sequences in the file parameter. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms exploitation requires no authentication, no privileges, and no user interaction from a network position. No public exploit identified at time of analysis, and the EPSS score of 0.12% (30th percentile) reflects low observed exploitation probability, though the no-auth attack surface warrants attention for publicly exposed deployments.

Path Traversal N A
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in BookCars v8.3 is achievable by authenticated attackers who abuse a path traversal flaw in the /api/create-user endpoint to rename and relocate files from temporary storage to attacker-chosen filesystem paths. The flaw is tagged as Authentication Bypass, Path Traversal, and RCE, and a public write-up exists in a third-party GitHub repository, though it is not listed in CISA KEV and EPSS is low at 0.17% (38th percentile).

RCE Path Traversal Authentication Bypass +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

Arbitrary file upload via the /api/create-car-image endpoint in bookcars v8.3 enables server-side code execution by uploading a crafted file (e.g., a web shell). The vulnerability targets an image upload API that fails to restrict file types per CWE-434. No public exploit identified at time of analysis, and EPSS sits at 0.02% (6th percentile), indicating negligible observed exploitation pressure - however, two data conflicts significantly affect confidence: the description asserts an authenticated attacker is required while the CVSS vector records PR:N (no privileges required), and the CVSS impact scores of C:L/I:L are inconsistent with the claimed remote code execution outcome.

RCE File Upload N A
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 allows unauthenticated remote attackers to crash the application by delivering a crafted MP4 file that a user opens. The vulnerable function ctts_box_write in isomedia/box_code_base.c fails to validate a pointer before dereferencing it when processing a malformed Composition Time to Sample (ctts) box, resulting in a denial-of-service condition. No public exploit code or active exploitation has been identified; SSVC rates exploitation status as none, though delivery is rated automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Denial-of-service in GPAC MP4Box v2.4 allows remote attackers to crash the multimedia tool via a crafted MP4 file that triggers a floating-point exception in the gf_opus_parse_packet_header function. No public exploit identified at time of analysis, and CISA has not listed this in KEV; SSVC scoring indicates exploitation has not been observed but the flaw is automatable with partial technical impact. CVSS 7.5 reflects high availability impact achievable without authentication or user interaction once a malicious file is processed.

Denial Of Service N A
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in GPAC MP4Box v2.4 allows remote attackers to crash the application by supplying a malicious MP4 file that triggers a NULL pointer dereference in the VVC (Versatile Video Coding) configuration writer. The flaw resides in gf_odf_vvc_cfg_write_bs within odf/descriptors.c and requires no authentication or user privileges beyond convincing the target to process the crafted file. No public exploit identified at time of analysis, and SSVC indicates exploitation has not been observed despite the issue being automatable.

Denial Of Service Null Pointer Dereference N A
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

NULL pointer dereference in GPAC MP4Box v2.4 crashes the application when parsing a maliciously crafted MP4 file, enabling a Denial of Service against any user or pipeline that processes untrusted media with this tool. The flaw resides in gf_isom_get_user_data_count within isomedia/isom_read.c, where an unvalidated pointer is dereferenced during user-data atom counting. Publicly available exploit code exists as a crafted MP4 PoC, though no public exploit identified at time of analysis in CISA KEV and EPSS sits at the 5th percentile, suggesting minimal observed exploitation activity.

Denial Of Service Null Pointer Dereference N A
NVD GitHub VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

Multiple reflected Cross-Site Scripting vulnerabilities in damasac's thaipalliative_lte PHP application (through version 3.0) allow unauthenticated remote attackers to inject arbitrary JavaScript into victim browsers by crafting malicious URLs. The vulnerable file /substudy/ezform.php unsafely echoes four distinct user-controlled parameters - idFormMain, id (in two locations), and ptid_key - directly into HTML attributes and JavaScript contexts without output encoding. A proof-of-concept exists per SSVC data; however, EPSS is very low at 0.08% (23rd percentile) and exploitation is not confirmed by CISA KEV, suggesting limited widespread attacker interest at time of analysis.

PHP XSS N A
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

CORS origin allowlist bypass in sanic-cors 2.2.0 and prior enables cross-origin access to authenticated resources by exploiting an unanchored regular expression in the origin-matching logic. The library's try_match() function in sanic_cors/core.py uses Python's re.match() - which matches only from the start of a string, not the full string - allowing an attacker who controls a domain prefixed with a trusted origin (e.g., trusted.example.com.attacker.com) to satisfy the allowlist check. Exploitation requires a victim user to visit an attacker-controlled page, placing this in a network-accessible, user-interaction-required threat model. No public exploit code has been identified at time of analysis, and no KEV listing exists.

Authentication Bypass N A
NVD GitHub
EPSS 0% CVSS 9.1
CRITICAL Act Now

Directory traversal in the OpenDaylight Controller v12.0.5 cluster-admin:backup-datastore component allows unauthenticated remote attackers to read arbitrary files outside the intended backup directory via a crafted request. A public proof-of-concept exists on GitHub (majdlatah/ODL-Path-Traversal), though no active exploitation has been reported and EPSS scoring places real-world exploitation probability at the 16th percentile.

Path Traversal N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in OpenDaylight Controller v12.0.5 allows remote unauthenticated attackers to crash or render the SDN controller unavailable by sending crafted input to the Externalizable.readExternal() deserialization component. No public exploit identified at time of analysis, but SSVC flags the flaw as automatable with partial technical impact, and the network attack vector with low complexity makes opportunistic abuse plausible despite a very low EPSS score (0.02%).

Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in Tenda FH451 V1.0.0.9 routers allows remote unauthenticated attackers to crash the device by sending a crafted HTTP request that triggers a stack overflow in the page parameter handler of the fromDhcpListClient function. EPSS exploitation probability is very low (0.01%, 3rd percentile) and no public exploit identified at time of analysis, though proof-of-concept artifacts appear to be hosted in a public GitHub research repository. The flaw is not listed in CISA KEV.

Denial Of Service Tenda Stack Overflow +2
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated Telnet service activation in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allows remote attackers to enable Telnet by sending a crafted request to a vulnerable CGI component in the web management interface. SSVC scores the technical impact as total with automatable exploitation and a public proof-of-concept available, although EPSS remains low at 0.02% and the CVE is not currently listed in CISA KEV.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Man-in-the-middle attack against OpenStack oslo.messaging 1.0.0 through 17.3.0 is possible because the RabbitMQ driver validates the certificate chain but skips TLS hostname verification, letting any cert signed by the deployment CA impersonate the broker. An attacker positioned on the control-plane network can intercept and tamper with RPC and notification traffic between OpenStack services, with no public exploit identified at time of analysis but a credible POC pathway documented in OSSN-0096.

Information Disclosure N A
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Denial of service in BACnet Stack 1.3.1 occurs through an out-of-bounds read in the bacnet_tag_number_decode function, allowing remote attackers to crash affected building automation systems by sending crafted BACnet protocol messages. No public exploit identified at time of analysis, and EPSS scores the exploitation probability at a very low 0.02%, though the network-reachable nature of BACnet deployments in critical infrastructure warrants attention.

Buffer Overflow Information Disclosure Denial Of Service +1
NVD GitHub VulDB
EPSS 0% CVSS 9.8
CRITICAL Act Now

Weak password hashing on the GNCC GP5 IP camera (firmware v7.1.76) allows attackers who obtain the password hash to recover the root credential via offline brute-force, yielding full device takeover. The CVSS 9.8 score reflects network-reachable impact, but real-world exploitation first requires extracting the hash from the device; no public exploit identified at time of analysis and EPSS is very low at 0.02%.

Information Disclosure N A
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Runtime integrity bypass on GNCC GP5 firmware v7.1.76 enables a physically-proximate unauthenticated attacker to circumvent file system read-only protections via a bind-mount attack, allowing arbitrary modification of system files and binaries for the current boot session. The device, an IoT platform, lacks enforcement of filesystem immutability at runtime, meaning a read-only mount can be shadowed by a writable bind-mount without detection. No public exploit has been confirmed beyond the published IoT vulnerability research linked in references, and exploitation probability is very low at 0.02% EPSS (4th percentile), consistent with the physical-access requirement.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Factory reset in GNCC GP5 firmware v7.1.76 fails to purge cryptographic material from the JFFS2 configuration partition, leaving sensitive user data recoverable after a reset operation. An attacker with physical access to a reset device - such as a discarded, resold, or stolen unit - can read the raw flash storage and extract retained secrets. No public exploit identified at time of analysis as KEV-confirmed active exploitation, though a publicly available proof-of-concept exists per SSVC data and researcher publication.

Information Disclosure N A
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH This Week

Plaintext exposure of pre-signed Backblaze B2 upload URLs in GNCC GP5 camera firmware v7.1.76 allows physically-proximate attackers with serial UART access to harvest live cloud storage tokens. The leaked PUT URLs enable unauthorized write operations against the device's Backblaze B2 cloud storage bucket until the tokens expire. No public exploit identified at time of analysis, though a public research write-up describing the issue is referenced.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 6.8
MEDIUM This Month

U-Boot bootloader authentication bypass on GNCC GP5 v7.1.76 grants a physically-proximate attacker full root access to the device by interrupting the boot sequence and injecting crafted kernel boot arguments. The vulnerability stems from insufficient input validation in the bootloader's handling of kernel command-line parameters, allowing an attacker to override security controls set during the normal boot process. Publicly available exploit code exists via a GitHub IoT vulnerability research repository; no CISA KEV listing has been identified at time of analysis, consistent with the physical-access prerequisite limiting widespread automated exploitation.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 4.6
MEDIUM This Month

Plaintext credential exposure in GNCC GP5 v7.1.76 allows physically-proximate attackers to capture wireless network credentials by monitoring the device's serial UART interface during routine operations. The device transmits sensitive wireless network information - including network credentials - in cleartext to the serial console, making them trivially readable by anyone with physical access and a UART adapter. No public exploit is identified at time of analysis and no active exploitation is confirmed; however, a researcher-published IoT vulnerability disclosure exists on GitHub detailing the finding.

Information Disclosure N A
NVD GitHub VulDB
EPSS 0% CVSS 9.6
CRITICAL Act Now

Unauthenticated remote command execution affects T3 Technology CPE routers (models T625Pro v1.0.07 and T6825G v1.0.03) through an undocumented debug CGI endpoint that processes attacker-supplied query strings as root-level shell commands. SSVC characterizes this as POC-available with total technical impact, and a public advisory has been published on GitHub, though it is not currently listed in CISA KEV.

Command Injection N A
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Hardcoded root credentials in T3 Technology CPE devices (models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03) allow remote unauthenticated attackers to gain full root-level control via the built-in 'superadmin' account. The CVSS 9.8 rating reflects network-reachable, no-interaction exploitation with total impact to confidentiality, integrity, and availability, and SSVC marks the issue as automatable with total technical impact. No public exploit identified at time of analysis, and EPSS remains very low (0.02%) despite the severity, suggesting limited current scanning activity.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Stored cross-site scripting in RockRMS versions 16.13 and earlier through 17.7.0 allows authenticated attackers to inject malicious JavaScript via the Social Media links field in user profiles, leading to privilege escalation when administrators view the profile. According to the Raxis disclosure referenced in this CVE, the flaw enables session hijacking and account takeover of higher-privileged users. There is no public exploit identified at time of analysis, but a detailed technical write-up is publicly available describing the attack path.

XSS N A
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Unauthenticated UPnP abuse in Mercusys AC12G (EU) V1 routers running firmware AC12G(EU)_V1_200909 allows any device on the LAN to invoke 15 of 18 UPnP IGD actions on port 1900, including AddPortMapping and GetExternalIPAddress, without authentication. Because UPnP is enabled by default, an attacker with adjacent network access can punch arbitrary holes through the WAN firewall and enumerate external network state. No public exploit identified at time of analysis, and EPSS is very low (0.02%), but the misconfiguration is trivially abusable once on the LAN.

Authentication Bypass N A
NVD GitHub VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Kernel pointer disclosure in the Mercusys AC12G (EU) V1 router running firmware AC12G(EU)_V1_200909 allows unauthenticated adjacent-network attackers to obtain raw MIPS KSEG0 kernel addresses through the UPnP GetStatusInfo action, effectively defeating kernel address-space layout randomization on the device. The leaked pointer reveals the kernel memory map and is most useful as a precursor to a more severe exploit chain rather than as a standalone attack - its primary value is enabling reliable offset calculation for subsequent memory corruption attacks. No public exploit identified at time of analysis, EPSS is 0.02% (7th percentile), and the vulnerability is not listed in CISA KEV.

Information Disclosure N A
NVD GitHub VulDB
EPSS 0% CVSS 4.8
MEDIUM This Month

Stored Cross-Site Scripting in Dovestones Softwares ADPhonebook before v4.0.1.1 permits authenticated admin users to inject persistent JavaScript payloads via the /Admin/Save API endpoint. Because multiple configuration sections lack input validation and output encoding, injected scripts survive across sessions and execute in any victim's browser when the affected configuration pages are loaded, with CVSS scope change (S:C) confirming cross-user impact beyond the planting admin. No public exploitation identified at time of analysis; EPSS is 0.02% (5th percentile), though a publicly available proof-of-concept gist exists at the referenced GitHub URL.

XSS N A
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation and arbitrary code execution in Wassimulator CactusViewer v2.3.0 (Windows) occurs through DLL hijacking, where the application loads a malicious DLL from a writable directory instead of the legitimate library. Exploitation requires user interaction to launch the application after an attacker plants the crafted DLL, and no public exploit identified at time of analysis. EPSS rates exploitation probability at just 0.02% (5th percentile), reflecting the niche user base of this open-source image viewer.

RCE N A
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows authenticated attackers to gain root-level command execution by triggering a buffer overflow in the /cgi-bin/admin/eventtask.cgi admin endpoint. Publicly available exploit code exists in a GitHub research repository, though EPSS scoring (0.09%, 25th percentile) suggests low observed exploitation activity and the CVE is not listed in CISA KEV.

Buffer Overflow RCE N A
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Transmission BitTorrent client through version 4.1.1 fails to emit anti-clickjacking HTTP response headers on its browser-facing WebUI and RPC endpoint, enabling an attacker to embed the interface in a cross-origin iframe and redirect authenticated user interactions to unintended RPC actions. The fix confirmed in upstream PR #8747 adds both X-Frame-Options: SAMEORIGIN and Content-Security-Policy: frame-ancestors 'self' to all relevant responses. No public exploit has been identified at time of analysis, and the EPSS score of 0.02% (4th percentile) indicates low current exploitation interest.

Information Disclosure N A Suse
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Path traversal in VIVOTEK FD8136-VVTK firmware 0300a exposes the full device filesystem to authenticated low-privilege attackers via the /admin/downloadMedias.cgi endpoint. An attacker holding any valid credential can craft a request with directory traversal sequences to read arbitrary files - including configuration data, credentials, or private keys stored on the device. No confirmed active exploitation (not in CISA KEV), but a vulnerability research repository on GitHub exists for this CVE, and EPSS is very low at 0.02%, suggesting limited widespread attacker awareness at time of analysis.

Path Traversal N A
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM This Month

Stack-based buffer overflow in VIVOTEK FD8136 firmware FD8136-VVTK-0300a grants authenticated remote attackers root-level code execution by supplying an oversized POST parameter to any of three symlinked CGI admin endpoints. The vulnerable `motion_privacy.cgi` binary copies the `n1` parameter into a fixed 164-byte (0xa4) stack buffer with no bounds check and no stack canary protection, overwriting the saved link register and diverting execution to attacker-controlled code. A public proof-of-concept is available on GitHub; no active exploitation has been confirmed in CISA KEV at time of analysis.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Authenticated remote code execution in Vivotek FD8136 IP cameras running firmware FD8136-VVTK-0300a allows attackers with valid admin-interface credentials to overflow a buffer in the /cgi-bin/dido/setdo.cgi endpoint and execute arbitrary code as root. No public exploit identified at time of analysis, though a vulnerability research repository on GitHub describes the issue, and EPSS estimates exploitation probability at 0.05% (17th percentile), suggesting low broad-scale exploitation interest despite the high CVSS 8.8 score.

Buffer Overflow RCE N A
NVD GitHub VulDB
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in VIVOTEK FD8136 network camera (firmware VVTK-0300a) is possible via a stack-based buffer overflow in the set_getparam.cgi component, reachable over the network without authentication. CVSS 7.3 reflects partial CIA impact, but the presence of public vulnerability-research artifacts on GitHub indicates publicly available exploit code exists, while EPSS remains low at 0.05% (17th percentile) and the issue is not currently listed in CISA KEV.

Buffer Overflow RCE Stack Overflow +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in FlexRIC v2.0.0 allows unauthenticated network attackers to crash the iApp process listening on TCP port 36422 by sending a malformed E42_RIC_SUBSCRIPTION_REQUEST containing an empty ricEventTriggerDefinition field. The bug stems from inconsistent validation between the E42 decoder and the downstream E2AP encoder, which aborts via SIGABRT on the missing constraint. No public exploit identified at time of analysis, but the trivial trigger condition (single crafted message, no authentication) makes opportunistic disruption of O-RAN near-RT RIC deployments realistic.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH POC This Week

Denial of service in lwext4 1.0.0 allows remote attackers to crash applications by supplying a malformed EXT4 filesystem image that triggers a NULL pointer dereference in ext4_dir_en_get_name_len during directory iteration. The flaw affects the 2016-era lwext4 codebase commonly embedded in IoT, bootloaders, and forensic tools that mount untrusted EXT4 images. Publicly available exploit code exists, though EPSS rates real-world exploitation probability as very low (0.02%, 4th percentile).

Null Pointer Dereference Denial Of Service N A
NVD GitHub VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Arbitrary code execution in ESA AnomalyMatch before 1.3.1 allows local attackers with low privileges to run code under the application's process by planting a malicious PyTorch checkpoint into a session directory, which is loaded via torch.load() with weights_only=False. No public exploit is identified at time of analysis, but the upstream fix (PR #9) and a third-party advisory (imlabs.info) confirm the unsafe-deserialization root cause and the migration to safetensors.

Checkpoint RCE Deserialization +1
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC process by sending a decodable E2AP PDU (such as E2nodeConfigurationUpdate) to port 36421, triggering an unconditional assert(0) in stub handlers for whitelisted-but-unimplemented message types. CVSS 7.5 (AV:N/AC:L/PR:N/UI:N) with SSVC indicating automatable exploitation and partial technical impact; no public exploit identified at time of analysis and the vulnerability is not in CISA KEV.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the iApp process on TCP/36421 by sending two E2_SETUP_REQUEST messages reusing the same E2 node configuration, abusing an assert()-based uniqueness check that triggers SIGABRT. The flaw affects FlexRIC, the open-source Near-RT RIC implementation from Eurecom's Mosaic5G project, with CVSS 7.5 reflecting high availability impact and no public exploit identified at time of analysis.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote unauthenticated denial of service in FlexRIC v2.0.0 allows attackers to crash the entire near-RT RIC service by sending any decodable E2AP PDU with a message type outside the 9-entry whitelist to TCP port 36422. The iApp dispatcher uses assert() for validation, so an unexpected message type triggers SIGABRT in the shared iApp/RIC process, disconnecting all E2 Nodes and xApps. No public exploit identified at time of analysis, but the trivial attack complexity (AV:N/AC:L/PR:N/UI:N) and high availability impact make this a credible operational risk for O-RAN testbeds and lab deployments.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in FlexRIC v2.0.0 allows unauthenticated attackers to crash the near-RT RIC (port 36421) or iApp (port 36422) by sending a valid E2AP PDU containing an unexpected number of Information Elements, triggering a SIGABRT via overly strict hardcoded assertions. The flaw affects open-source O-RAN near-real-time RAN Intelligent Controller deployments used in 5G research and testbeds, and no public exploit has been identified at time of analysis. The CVSS 7.5 reflects high availability impact with no confidentiality or integrity loss.

Denial Of Service N A
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Remote code execution in Falco Solutions PHPageBuilder v0.31.0 is possible through an unrestricted file upload flaw in the pagemanager/pagebuilder module, enabling unauthenticated remote attackers to upload arbitrary executable files (typically PHP webshells) and run code on the underlying web server. Publicly available exploit code exists in a dedicated GitHub repository, though EPSS scoring (0.06%, 18th percentile) and SSVC indicate no observed in-the-wild exploitation despite the attack being fully automatable.

File Upload RCE N A
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Arbitrary file upload in SourceBans Material Admin v1.1.6 allows remote unauthenticated attackers to achieve code execution by uploading a crafted image file to the pages/admin.uploadmapimg.php endpoint. The flaw is tagged as a PHP RCE vector and has public proof-of-concept gists referenced on GitHub, though it is not listed in CISA KEV and carries a very low EPSS exploitation probability (0.02%, 5th percentile).

File Upload RCE PHP +1
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

Arbitrary user data manipulation in SourceBans Material Admin web application before v1.1.6 (commit 3ecd95e) allows remote unauthenticated attackers to alter other users' records by sending crafted XAJAX calls. The flaw stems from insufficient input validation (CWE-20) in the XAJAX request handler and is tagged as an Information Disclosure issue. No public exploit has been identified at time of analysis, and EPSS scores the likelihood of near-term exploitation at only 0.02% (5th percentile).

Information Disclosure N A
NVD GitHub
EPSS 0% CVSS 2.4
LOW Monitor

PIN lock bypass in SailingLab AppLock 4.3.8 for Android exposes protected applications to anyone with brief physical device access. The root cause is architectural: the lock is implemented as a screen overlay rather than through Android's secure authentication APIs, meaning the underlying apps remain accessible via exposed intent routes triggered through advertisement or browser interactions. An attacker with physical access can navigate cascading UI flows to dismiss or circumvent the overlay entirely, gaining access to locked apps such as Chrome, resulting in information disclosure and unintended privilege escalation. No public exploit is confirmed in CISA KEV, but a researcher disclosure is publicly available on GitHub, and EPSS is negligible at 0.04% (11th percentile), consistent with the physical-access-only attack vector.

Information Disclosure Privilege Escalation Google +2
NVD GitHub
EPSS 0% CVSS 2.4
LOW Monitor

PIN lock bypass in Easyelife App Lock 1.9.2 for Android allows a local attacker with physical device access to reach applications that were supposedly secured behind a PIN. The root cause is architectural: the lock is implemented as a UI overlay rather than through Android's native secure authentication APIs (BiometricPrompt, KeyguardManager), meaning it can be circumvented by triggering advertisement or browser intents that cause the app to navigate cascading activity flows, effectively routing around the overlay. EPSS is very low at 0.05% (16th percentile), no public exploit is confirmed in CISA KEV, and a researcher disclosure with likely proof-of-concept steps is publicly available on GitHub.

Google Information Disclosure Privilege Escalation +2
NVD GitHub
EPSS 0% CVSS 5.2
MEDIUM This Month

Arbitrary JavaScript execution in SailingLab AppLock 4.3.8 for Android is triggered by a malicious co-installed app sending a crafted VIEW intent with a javascript: URI to the exposed BrowserMainActivity component. Because AppLock operates with elevated permissions by design (it restricts access to other apps), this unsafe WebView navigation path creates a changed-scope impact: script execution occurs within AppLock's privilege context, enabling UI spoofing and potential privilege escalation beyond what a normal app could achieve. No public exploit identified at time of analysis beyond the publicly available proof-of-concept published by the reporter on GitHub.

XSS Google Privilege Escalation +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote code execution in FastNetMon Community Edition through 1.2.9 stems from an off-by-one heap write in the pervasively-used dynamic_binary_buffer_t class, reachable by anyone who can send NetFlow, sFlow, IPFIX, or BGP traffic to the DDoS-detection appliance. Because the flawed buffer is exercised during BGP encoding/decoding, NetFlow template parsing, and Flow Spec NLRI construction, an unauthenticated network attacker can corrupt adjacent heap metadata and potentially execute arbitrary code. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N), but no public exploit is identified at time of analysis and it is not listed in CISA KEV.

RCE Buffer Overflow Memory Corruption +1
NVD GitHub VulDB
EPSS 0% CVSS 6.2
MEDIUM This Month

Buffer overflow in FastNetMon Community Edition through 1.2.9 allows a local attacker with no privileges to crash the FastNetMon process, disabling DDoS detection and network monitoring capabilities. The vulnerability is specifically tied to a sprintf-based overflow in the ExaBGP integration component, as documented in the Lorikeetsecurity advisory. This is one of at least three distinct buffer overflow vulnerabilities (alongside CVE-2026-48686 and CVE-2026-48689) identified in the same product version, suggesting a broader audit surfaced a class of unsafe string-handling bugs. No public exploit identified at time of analysis, and the impact is limited to availability (denial of service) with no confidentiality or integrity exposure.

Buffer Overflow N A
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

OS command injection in FastNetMon Community Edition through 1.2.9 lets an authenticated network attacker execute arbitrary shell commands via the MikroTik router integration plugin by influencing argv[] values passed to the unsanitized _log() function. The flaw mirrors a previously disclosed Juniper plugin issue in the same project, and while a public technical write-up exists at lorikeetsecurity.com, no public exploit code or active exploitation has been identified, with EPSS at 0.05% (17th percentile).

PHP Mikrotik Juniper +2
NVD GitHub
EPSS 0% CVSS 8.1
HIGH This Week

Configuration injection in FastNetMon Community Edition through 1.2.9 allows an attacker who controls the attacker IP string passed to the Juniper integration plugin to inject arbitrary Juniper NETCONF set/delete commands, leading to full router compromise. The flaw lives in the PHP-based Juniper plugin where unsanitized argv input is interpolated into NETCONF commands, and although no public exploit identified at time of analysis (EPSS 0.03%), the technical impact is rated total under SSVC and CVSS scores 8.1.

PHP Juniper Command Injection +1
NVD GitHub VulDB
EPSS 0% CVSS 7.4
HIGH This Week

Man-in-the-middle interception of telemetry traffic affects FastNetMon Community Edition through version 1.2.9 due to missing TLS certificate validation in outbound HTTPS connections. Network-positioned attackers can intercept, modify, or redirect telemetry data sent to community-stats.fastnetmon.com - including system fingerprints, kernel version, traffic statistics, and configuration details - and potentially serve malicious responses. EPSS is very low (0.01%), and there is no public exploit identified at time of analysis, though a technical write-up by Lorikeet Security details the root cause.

OpenSSL Information Disclosure N A
NVD GitHub VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Local symlink exploitation in FastNetMon Community Edition through 1.2.9 allows a low-privileged local attacker to overwrite arbitrary files as the process user, which is typically root. The statistics output path is hardcoded to the predictable world-accessible location /tmp/fastnetmon.dat, written via std::ios::trunc without O_NOFOLLOW or symlink validation, and the daemon sets umask to 0 at startup making all created files world-writable. A secondary chmod() bug further misapplies permissions to the wrong path. No public exploit has been identified at time of analysis and EPSS sits at the 4th percentile, but the typical root execution context makes this a reliable local privilege escalation primitive despite the moderate CVSS score.

Information Disclosure N A
NVD GitHub VulDB
Prev Page 3 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy