1.7
CVE-2025-64098 - FastDDS has Out-of-memory in readOctetVector via Manipulated DATA Submessage when DDS Security is eβ¦
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOβ¦
7.2
CVE-2025-62799 - FastDDS's heap buffer overflow in RTPS DATA_FRAG enables unauthenticated DoS (potential RCE)
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, a heap buffer overflow exists in the Fast-DDS DATA_FRAG receive path. An un authenticated sender can transmit a single malformed RTPS Dβ¦
1.7
CVE-2025-62603 - FastDDS has Out-of-memory while parsing GenericMessage when DDS Security is enabled
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ParticipantGenericMessage is the DDS Security control-message container that carries not only the handshake but also on going security-control traffic after the handshake, such asβ¦
4.7
CVE-2026-25616 - Blesta Input Validation XSS Vulnerability
Blesta 3.x through 5.x before 5.13.3 mishandles input validation, aka CORE-5665.
1.7
CVE-2025-62602 - FastDDS has heap buffer overflow in readData via Manipulated DATA Submessage when DDS Security is eβ¦
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflβ¦
7.2
CVE-2026-25615 - Object Injection Vulnerability in Blesta Versions 3.x to 5.x Before 5.13.3
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5668.
7.5
CVE-2026-25614 - Object Injection in Blesta 3.xβ5.x Allowing Remote Code Execution
Blesta 3.x through 5.x before 5.13.3 allows object injection, aka CORE-5680.
1.7
CVE-2025-62601 - FastDDS has heap buffer overflow in readString via Manipulated DATA Submessage when DDS Security isβ¦
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes a heap buffer overflβ¦
8.2
CVE-2026-24441 - Tenda AC7 Transmits Admin Credentials Without HTTPS Protection
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior expose account credentials in plaintext within HTTP responses, allowing an on-path attacker to obtain sensitive authentication material.
5.1
CVE-2026-24434 - Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions
Shenzhen Tenda AC7 firmware version V03.03.03.01_cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administratoβ¦