CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2026-3822 - Taipower|Taipower APP - Improper Certificate Validation

CVE ID :CVE-2026-3822
Published : March 9, 2026, 4:16 a.m. | 3 hours, 18 minutes ago
Description :Taipower APP developed by Taipower has an Improper Certificate Validation vulnerability. When establishing an HTTPS connection with the server, the application fails to verify the server-side TLS/SSL certificate. This flaw allows unauthenticated remote attackers to exploit the vulnerability to perform a Man-in-the-Middle (MITM) attack to read and tamper with network packets.
Severity: 8.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-3802 - Tenda i3 exeCommand formexeCommand stack-based overflow

CVE ID :CVE-2026-3802
Published : March 9, 2026, 5:15 a.m. | 2 hours, 18 minutes ago
Description :A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Executing a manipulation of the argument cmdinput can lead to a stack-based buffer overflow. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
CVE-2026-30896 - Qsee Client DLL Loading Privilege Escalation Vulnerability

CVE ID :CVE-2026-30896
Published : March 9, 2026, 6:16 a.m. | 1 hour, 18 minutes ago
Description :The installer for Qsee Client versions 1.0.1 and prior insecurely loads Dynamic Link Libraries (DLLs). When a user is directed to place a malicious DLL in the same directory and execute the affected installer, arbitrary code may be executed with administrative privileges.
Severity: 7.8 | HIGH
CVE-2026-3803 - Tenda i3 WifiMacFilterGet formWifiMacFilterGet stack-based overflow

CVE ID :CVE-2026-3803
Published : March 9, 2026, 6:16 a.m. | 1 hour, 18 minutes ago
Description :A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 9.0 | HIGH
CVE-2026-3804 - Tenda i3 WifiMacFilterSet formWifiMacFilterSet stack-based overflow

CVE ID :CVE-2026-3804
Published : March 9, 2026, 6:16 a.m. | 1 hour, 18 minutes ago
Description :A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMacFilterSet. The manipulation of the argument index results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Severity: 9.0 | HIGH
CVE-2026-3806 - SourceCodester/janobe Resort Reservation System room_rates.php sql injection

CVE ID :CVE-2026-3806
Published : March 9, 2026, 6:16 a.m. | 1 hour, 18 minutes ago
Description :A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Severity: 6.5 | MEDIUM
CVE-2026-3808 - Tenda FH1202 webtypelibrary formWebTypeLibrary stack-based overflow

CVE ID :CVE-2026-3808
Published : March 9, 2026, 7:02 a.m. | 32 minutes ago
Description :A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary. Performing a manipulation of the argument webSiteId results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
CVE-2026-3807 - Tenda FH1202 AdvSetWrlsafeset formWrlsafeset stack-based overflow

CVE ID :CVE-2026-3807
Published : March 9, 2026, 7:16 a.m. | 18 minutes ago
Description :A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Such manipulation of the argument mit_ssid/mit_ssid_index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 9.0 | HIGH
CVE-2026-3823 - Atop Technologies|EHG2408 series switch - Stack-based Buffer Overflow

CVE ID :CVE-2026-3823
Published : March 9, 2026, 7:16 a.m. | 18 minutes ago
Description :EHG2408 series switch developed by Atop Technologies has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code.
Severity: 9.3 | CRITICAL
CVE-2025-41765 - Unchecked role in wwwupload.cgi

CVE ID :CVE-2025-41765
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :Due to insufficient authorization enforcement, an unauthorized remote attacker can exploit the wwwupload.cgi endpoint to upload and apply arbitrary data. This includes, but is not limited to, contact images, HTTPS certificates, system backups for restoration, server peer configurations, and BACnet/SC server certificates and keys.
Severity: 9.1 | CRITICAL
CVE-2025-41766 - Stack buffer overflow on parsing web request

CVE ID :CVE-2025-41766
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in full device compromise.
Severity: 8.8 | HIGH
CVE-2025-41767 - Signature bypass on update upload

CVE ID :CVE-2025-41767
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :A high-privileged remote attacker can fully compromise the device by abusing an update signature bypass vulnerability in the wwwupdate.cgi method in the web interface of UBR.
Severity: 7.2 | HIGH
CVE-2025-41772 - wwwupdate.cgi Session token in URL

CVE ID :CVE-2025-41772
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR.
Severity: 7.5 | HIGH
CVE-2025-61611 - "Ericsson Modem Remote Denial of Service Vulnerability"

CVE ID :CVE-2025-61611
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61612 - "NR Modem Denial of Service Vulnerability"

CVE ID :CVE-2025-61612
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61613 - "NR Modem Remote Denial of Service Vulnerability"

CVE ID :CVE-2025-61613
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61614 - "NR Modem Denial of Service Vulnerability"

CVE ID :CVE-2025-61614
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61615 - "NR Modem Denial of Service Vulnerability"

CVE ID :CVE-2025-61615
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-61616 - "NR Modem Denial of Service Vulnerability"

CVE ID :CVE-2025-61616
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-69278 - "NR Modem Denial of Service Vulnerability"

CVE ID :CVE-2025-69278
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH
CVE-2025-69279 - NR Modem Denial of Service Vulnerability

CVE ID :CVE-2025-69279
Published : March 9, 2026, 9:16 a.m. | 2 hours, 20 minutes ago
Description :In nr modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
Severity: 7.5 | HIGH