8.1
CVE-2026-31836 - Mass Assignment Privilege Escalation in Checkmate
Checkmate is an open-source, self-hosted tool designed to track and monitor server hardware, uptime, response times, and incidents in real-time with beautiful visualizations. In versions from 3.5.1 and prior, a mass assignment vulnerability in Checkmate's user profile update endpoint allows any autβ¦
5.1
CVE-2026-4494 - atjiu pybbs TopicApiController.java create cross site scripting
A vulnerability was identified in atjiu pybbs 6.0.0. This affects the function create of the file src/main/java/co/yiiu/pybbs/controller/api/TopicApiController.java. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available andβ¦
8.7
CVE-2026-4493 - Tenda A18 Pro MAC Filtering Configuration Endpoint setMacFilterCfg sub_423B50 stack-based overflow
A vulnerability was determined in Tenda A18 Pro 02.03.02.28. The impacted element is the function sub_423B50 of the file /goform/setMacFilterCfg of the component MAC Filtering Configuration Endpoint. Executing a manipulation of the argument deviceList can lead to stack-based buffer overflow. The atβ¦
5.1
CVE-2026-32844 - XinLiangCoder / php_api_doc Reflected XSS via list_method.php
XinLiangCoder php_api_doc through commit 1ce5bbf contains a reflected cross-site scripting vulnerability in list_method.php that allows remote attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious code through the f parameter. Attackers can craft a malicious URL witβ¦
8.7
CVE-2026-4492 - Tenda A18 Pro formSetQosBand set_qosMib_list stack-based overflow
A vulnerability was found in Tenda A18 Pro 02.03.02.28. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has β¦
8.7
CVE-2026-4491 - Tenda A18 Pro SetIpMacBind fromSetIpMacBind stack-based overflow
A vulnerability has been found in Tenda A18 Pro 02.03.02.28. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack can be executed remotely. The exploit has been disclosed to the public andβ¦
8.7
CVE-2026-4490 - Tenda A18 Pro openSchedWifi setSchedWifi stack-based overflow
A flaw has been found in Tenda A18 Pro 02.03.02.28. This issue affects the function setSchedWifi of the file /goform/openSchedWifi. This manipulation causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
7.7
CVE-2025-15608 - Buffer Overflow in Network Probe Handling Function of TP-Link Archer AX53
This vulnerability in AX53 v1 results from insufficient input sanitization in the deviceβs probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution through β¦
7.3
CVE-2025-15607 - Authenticated Command Injection in mcsd Service of TP-Link Archer AX53
A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary commandβ¦
2.7
CVE-2025-59383 - Media Streaming Add-on
A buffer overflow vulnerability has been reported to affect Media Streaming Add-On. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: Media Streaming Add-on 500.1.1 and later