8.7
CVE-2026-3400 - Tenda AC15 TextEditingConversion stack-based overflow
A security flaw has been discovered in Tenda AC15 up to 15.13.07.13. Affected by this issue is some unknown functionality of the file /goform/TextEditingConversion. The manipulation of the argument wpapsk_crypto2_4g results in stack-based buffer overflow. The attack may be launched remotely. The exβ¦
8.7
CVE-2026-3399 - Tenda F453 httpd GstDhcpSetSer fromGstDhcpSetSer buffer overflow
A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. The manipulation of the argument dips leads to buffer overflow. The attack may be initiated remotely. The exploit is publiβ¦
8.7
CVE-2026-3398 - Tenda F453 httpd AdvSetWan fromAdvSetWan buffer overflow
A vulnerability was determined in Tenda F453 1.0.0.3. Affected is the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. Executing a manipulation of the argument wanmode/PPPOEPassword can lead to buffer overflow. The attack can be launched remotely. The exploit has been puβ¦
6.9
CVE-2026-3395 - MaxSite CMS MarkItUp Preview AJAX Endpoint preview-ajax.php eval code injection
A flaw has been found in MaxSite CMS up to 109.1. This impacts the function eval of the file application/maxsite/admin/plugins/editor_markitup/preview-ajax.php of the component MarkItUp Preview AJAX Endpoint. Executing a manipulation can lead to code injection. It is possible to launch the attack rβ¦
4.8
CVE-2026-3394 - jarikomppa soloud WAV File soloud_wav.cpp loadwav memory corruption
A vulnerability was detected in jarikomppa soloud up to 20200207. This affects the function SoLoud::Wav::loadwav of the file src/audiosource/wav/soloud_wav.cpp of the component WAV File Parser. Performing a manipulation results in memory corruption. The attack must be initiated from a local positioβ¦
4.8
CVE-2026-3393 - jarikomppa soloud Audio File soloud_wav.cpp loadflac heap-based overflow
A security vulnerability has been detected in jarikomppa soloud up to 20200207. The impacted element is the function SoLoud::Wav::loadflac of the file src/audiosource/wav/soloud_wav.cpp of the component Audio File Handler. Such manipulation leads to heap-based buffer overflow. The attack must be caβ¦
4.8
CVE-2026-3392 - FascinatedBox lily lily_emitter.c eval_tree null pointer dereference
A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been made available to the public and could β¦
4.8
CVE-2026-3391 - FascinatedBox lily lily_emitter.c clear_storages out-of-bounds
A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack is only possible with local access. The exploit has been released to the public and may be used forβ¦
4.8
CVE-2026-3390 - FascinatedBox lily Error Reporting lily_build_error.c patch_line_end out-of-bounds
A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit isβ¦
4.8
CVE-2026-3389 - Squirrel sqstdrex.cpp sqstd_rex_newnode null pointer dereference
A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and mβ¦