6.9
CVE-2025-15038 - Out-of-Bounds Read in ASUS Business System Control Interface Driver
An Out-of-Bounds Read vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL Β request, potentially leading to a disclosure of kernel information or a system crash. Refer to the "β¦
5.4
CVE-2026-1878 - Privilege Escalation via Untrusted Installer Substitution in ASUS ROG Peripheral Driver
An Insufficient Integrity Verification vulnerability in the ASUS ROG peripheral driver installation process allows privilege escalation to SYSTEM. The vulnerability is due to improper access control on the installation directory, which enables the exploitation of a race condition where the legitimaβ¦
8.7
CVE-2026-3974 - Tenda W3 HTTP exeCommand formexeCommand stack-based overflow
A vulnerability was identified in Tenda W3 1.0.0.3(2204). This vulnerability affects the function formexeCommand of the file /goform/exeCommand of the component HTTP Handler. Such manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be performed from remote. Thβ¦
6.8
CVE-2025-15037 - Unprivileged Local Access to Kernel Information via ASUS Business System Control Interface Driver
An Incorrect Permission Assignment vulnerability exists in the ASUS Business System Control Interface driver. This vulnerability can be triggered by an unprivileged local user sending a specially crafted IOCTL request, potentially leading to unauthorized access to sensitive hardware resources and kβ¦
6.6
CVE-2025-59388 - Hyper Data Protector
A use of hard-coded password vulnerability has been reported to affect Hyper Data Protector. The remote attackers can then exploit the vulnerability to gain unauthorized access. We have already fixed the vulnerability in the following version: Hyper Data Protector 2.3.1.455 and later
4.3
CVE-2026-1182 - Improper Removal of Sensitive Information Before Storage or Transfer in GitLab
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue title created in public projects under certain circumstances.
8.7
CVE-2026-3973 - Tenda W3 POST Parameter setAutoPing formSetAutoPing stack-based overflow
A vulnerability was determined in Tenda W3 1.0.0.3(2204). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component POST Parameter Handler. This manipulation of the argument ping1/ping2 causes stack-based buffer overflow. The attack is possible to be carried out remβ¦
8.7
CVE-2026-3972 - Tenda W3 HTTP setcfm formSetCfm stack-based overflow
A vulnerability was found in Tenda W3 1.0.0.3(2204). Affected by this issue is the function formSetCfm of the file /goform/setcfm of the component HTTP Handler. The manipulation of the argument funcpara1 results in stack-based buffer overflow. The attack can only be performed from the local networkβ¦
8.7
CVE-2026-3971 - Tenda i3 wifiSSIDset formwrlSSIDset stack-based overflow
A vulnerability has been found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument index/GO leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has beeβ¦
8.7
CVE-2026-3970 - Tenda i3 wifiSSIDget formwrlSSIDget stack-based overflow
A flaw has been found in Tenda i3 1.0.0.6(2204). Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. Executing a manipulation of the argument index can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used.