Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
22832
Total
1629
Critical
7118
High
7284
Medium
| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-36792 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. … | Jun 09, 2026 |
| CVE-2026-36791 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability … | Jun 09, 2026 |
| CVE-2026-36784 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. … | Jun 09, 2026 |
| CVE-2026-36783 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. … | Jun 09, 2026 |
| CVE-2026-36779 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, … | Jun 09, 2026 |
| CVE-2026-36778 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. … | Jun 09, 2026 |
| CVE-2026-36777 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the param_1 parameter of the formSetCfm function. … | Jun 09, 2026 |
| CVE-2026-36773 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. … | Jun 09, 2026 |
| CVE-2026-36772 | UNKNOWN | — | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDget function. … | Jun 09, 2026 |
| CVE-2026-36771 | HIGH | 7.5 | Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. … | Jun 09, 2026 |
| CVE-2026-36770 | HIGH | 7.5 | Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability … | Jun 09, 2026 |
| CVE-2026-36728 | MEDIUM | 5.4 | A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML … | Jun 09, 2026 |
| CVE-2026-36727 | UNKNOWN | — | An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | Jun 09, 2026 |
| CVE-2026-36726 | UNKNOWN | — | An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences. | Jun 09, 2026 |
| CVE-2026-36725 | MEDIUM | 6.1 | A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting … | Jun 09, 2026 |
| CVE-2026-36724 | MEDIUM | 6.5 | An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) via … | Jun 09, 2026 |
| CVE-2026-36723 | UNKNOWN | — | An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from … | Jun 09, 2026 |
| CVE-2026-36722 | UNKNOWN | — | An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file. | Jun 09, 2026 |
| CVE-2026-36721 | CRITICAL | 9.8 | A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | Jun 09, 2026 |
| CVE-2026-36720 | HIGH | 8.1 | Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. | Jun 09, 2026 |
| CVE-2026-36719 | HIGH | 7.5 | An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user … | Jun 09, 2026 |
| CVE-2026-30141 | CRITICAL | 9.8 | An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) … | Jun 09, 2026 |
| CVE-2026-10045 | CRITICAL | 9.8 | Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and … | Jun 09, 2026 |
| CVE-2025-55659 | MEDIUM | 6.5 | A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a … | Jun 09, 2026 |
| CVE-2025-55658 | MEDIUM | 6.5 | GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of … | Jun 09, 2026 |