Aggregator

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been declared as critical. Affected is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component Parameter Handler. Executing a manipulation of the argument GO can lead to stack-based buffer overflow. This vulnerability appears as CVE-2026-5046. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in Tenda FH1201 1.2.0.14(408). It has been classified as critical. This impacts the function WrlclientSet of the file /goform/WrlclientSet of the component Parameter Handler. Performing a manipulation of the argument GO results in stack-based buffer overflow. This vulnerability is reported as CVE-2026-5045. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. This affects the function formSetSystemSettings of the file /goform/formSetSystemSettings of the component Setting Handler. Such manipulation of the argument webpage leads to stack-based buffer overflow. This vulnerability is documented as CVE-2026-5044. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-5043. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in Belkin F9K1122 1.00.33. The affected element is the function formCrossBandSwitch of the file /goform/formCrossBandSwitch of the component Parameter Handler. The manipulation of the argument webpage results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2026-5042. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #779127 / VDB-353969

Submit #779127 / VDB-353969

Submit #779126 / VDB-353968

Submit #779126 / VDB-353968

Submit #779125 / VDB-353967

Submit #779125 / VDB-353967

Submit #779124 / VDB-353966

Submit #779124 / VDB-353966

Submit #779123 / VDB-353965

Submit #779123 / VDB-353965

Почему ИИ-грамотность стала важнее самих нейросетей: отчет Forrester.

A vulnerability, which was classified as critical, has been found in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. This vulnerability is listed as CVE-2026-5041. The attack may be initiated remotely. In addition, an exploit is available.

SnowTeam Launches Leak Bazaar, a Corporate Data Exchange With ML-Powered Dump Analysis, DBMS Reverse Engineering, and Ransomware Negotiation Support

A vulnerability classified as problematic was found in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. This vulnerability is tracked as CVE-2026-5037. The attack is restricted to local execution. Moreover, an exploit is present. A patch should be applied to remediate this issue.

Submit #778914 / VDB-222644