NVD

Icon for NVD Communications and Status Updates Page

The NVD is the U.S. government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Legal Disclaimer:

Here is where you can read the NVD legal disclaimer.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity

CVE-2026-5982 - A vulnerability was found in D-Link DIR-605L 2.13B01. This vulnerability affects the function formAdvNetwork of the file /goform/formAdvNetwork of the component POST Request Handler. Performing a manipulation of the argument curTime results in buf... read CVE-2026-5982
Published: April 09, 2026; 6:16:37 PM -0400

V3.1: 8.8 HIGH
CVE-2026-5983 - A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overf... read CVE-2026-5983
Published: April 09, 2026; 6:16:37 PM -0400

V3.1: 8.8 HIGH
CVE-2026-5830 - A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be exe... read CVE-2026-5830
Published: April 08, 2026; 10:16:17 PM -0400

V3.1: 8.8 HIGH
CVE-2026-5984 - A vulnerability was identified in D-Link DIR-605L 2.13B01. Impacted is the function formSetLog of the file /goform/formSetLog of the component POST Request Handler. The manipulation of the argument curTime leads to buffer overflow. The attack is p... read CVE-2026-5984
Published: April 09, 2026; 6:16:37 PM -0400

V3.1: 8.8 HIGH
CVE-2026-5684 - A vulnerability was determined in Tenda CX12L 16.03.53.12. Affected by this issue is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter. Executing a manipulation of the argument page can lead to stack-based buffer overf... read CVE-2026-5684
Published: April 06, 2026; 6:16:24 PM -0400

V3.1: 8.0 HIGH
CVE-2026-5412 - In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to extract the cloud credentials used to bootstrap the controller. This allows a low-privi... read CVE-2026-5412
Published: April 10, 2026; 9:16:45 AM -0400

V3.1: 6.5 MEDIUM
CVE-2026-5683 - A vulnerability was found in Tenda CX12L 16.03.53.12. Affected by this vulnerability is the function fromP2pListFilter of the file /goform/P2pListFilter. Performing a manipulation of the argument page results in stack-based buffer overflow. The at... read CVE-2026-5683
Published: April 06, 2026; 5:16:22 PM -0400

V3.1: 8.0 HIGH
CVE-2026-6110 - A vulnerability was identified in FoundationAgents MetaGPT up to 0.8.1. This affects the function generate_thoughts of the file metagpt/strategy/tot.py of the component Tree-of-Thought Solver. The manipulation leads to code injection. It is possib... read CVE-2026-6110
Published: April 11, 2026; 11:16:08 PM -0400

V3.1: 9.8 CRITICAL
CVE-2026-41317 - Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS).`press.api.account.create_api_secret` is prone to CSRF-like exploits. This endpoint writes to database and it is... read CVE-2026-41317
Published: April 23, 2026; 11:16:12 PM -0400

V3.1: 7.5 HIGH
CVE-2026-41430 - Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Redirect parameter on login page is vulnerable to reflected XSS. The patch in commit 16d1b6ca2559f858a1de77bcb0... read CVE-2026-41430
Published: April 24, 2026; 12:16:21 AM -0400

V3.1: 6.1 MEDIUM
CVE-2026-6111 - A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.1. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is ... read CVE-2026-6111
Published: April 11, 2026; 11:16:08 PM -0400

V3.1: 6.5 MEDIUM
CVE-2026-7078 - A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument page results in buffer overflow. The attack can be... read CVE-2026-7078
Published: April 26, 2026; 11:15:59 PM -0400

V3.1: 8.8 HIGH
CVE-2026-7079 - A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes buffer overflow. The attack may be initiated remot... read CVE-2026-7079
Published: April 26, 2026; 11:15:59 PM -0400

V3.1: 8.8 HIGH
CVE-2026-7080 - A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attac... read CVE-2026-7080
Published: April 26, 2026; 11:16:00 PM -0400

V3.1: 8.8 HIGH
CVE-2026-7081 - A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation... read CVE-2026-7081
Published: April 27, 2026; 12:16:09 AM -0400

V3.1: 8.8 HIGH
CVE-2026-7082 - A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack... read CVE-2026-7082
Published: April 27, 2026; 12:16:09 AM -0400

V3.1: 8.8 HIGH
CVE-2026-7097 - A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of the argument page causes buffer overflow. The atta... read CVE-2026-7097
Published: April 27, 2026; 4:16:02 AM -0400

V3.1: 8.8 HIGH
CVE-2026-40972 - An attacker on the same network as the remote application may be able to utilize a timing attack to discover information about the remote secret. In extreme circumstances this could result in the attacker determining the secret and uploading chang... read CVE-2026-40972
Published: April 27, 2026; 8:16:24 PM -0400
CVE-2026-40973 - A local attacker on the same host as the application may be able to take control of the directory used by `ApplicationTemp`. When `server.servlet.session.persistent` is set to `true` and the attack persists across application restarts, this may al... read CVE-2026-40973
Published: April 27, 2026; 8:16:24 PM -0400
CVE-2026-4546 - A weakness has been identified in Flos Freeware Notepad2 4.2.25. This impacts an unknown function in the library TextShaping.dll. Executing a manipulation can lead to uncontrolled search path. The attack is restricted to local execution. The attac... read CVE-2026-4546
Published: March 22, 2026; 10:16:34 AM -0400

V3.1: 7.0 HIGH

Created September 20, 2022 , Updated August 27, 2024

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

Legal Disclaimer: