Overview
Description
A weakness has been identified in Tenda HG9 300001138. Affected by this vulnerability is an unknown functionality of the file /boaform/formgponConf of the component GPON Configuration Endpoint. Manipulation of the argument fmgpon_loid/fmgpon_loid_password causes a stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Statistics
- 1 Post
- 1 Interaction
Last activity: 10 hours ago
Overview
- openclaw
- openclaw
21 Feb 2026
Published
21 Feb 2026
Updated
CVSS v3.1
HIGH (7.6)
EPSS
0.05%
KEV
Description
OpenClaw is a personal AI assistant. In versions 2026.2.13 and below, when using macOS, the Claude CLI keychain credential refresh path constructed a shell command to write the updated JSON blob into Keychain via security add-generic-password -w .... Because OAuth tokens are user-controlled data, this created an OS command injection risk. This issue has been fixed in version 2026.2.14.
Statistics
- 1 Post
Last activity: 5 hours ago
Overview
Description
Issue summary: Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow.
Impact summary: A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution.
When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs.
Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with AES-GCM) are vulnerable. Because the overflow occurs prior to authentication, no valid key material is required to trigger it. While exploitability to remote code execution depends on platform and toolchain mitigations, the stack-based write primitive represents a severe risk.
The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the CMS implementation is outside the OpenSSL FIPS module boundary.
OpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue. OpenSSL 1.1.1 and 1.0.2 are not affected by this issue.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
- Go standard library
- net/url
- net/url
28 Jan 2026
Published
29 Jan 2026
Updated
CVSS
Pending
EPSS
0.03%
KEV
Description
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
Description
A vulnerability has been found in Tenda AC8 16.03.34.06. This affects the function webCgiGetUploadFile of the file /cgi-bin/UploadCfg of the component Httpd Service. The manipulation of the argument boundary leads to a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Statistics
- 1 Post
Last activity: Last hour
Fediverse
🚨 CVE-2026-3044: HIGH severity stack buffer overflow in Tenda AC8 (16.03.34.06) - remote exploit published! Restrict /cgi-bin/UploadCfg, monitor traffic, and disable remote mgmt. Await patches or consider device replacement. https://radar.offseq.com/threat/cve-2026-3044-stack-based-buffer-overflow-in-tenda-c3428cc0 #OffSeq #Vuln #Tenda
Overview
- OpenSift
- OpenSift
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
HIGH (8.9)
EPSS
0.04%
KEV
Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. Versions 1.1.2-alpha and below render untrusted user/model content in chat tool UI surfaces using unsafe HTML interpolation patterns, leading to XSS. Stored content can execute JavaScript when later viewed in authenticated sessions. An attacker who can influence stored study/quiz/flashcard content could trigger script execution in a victim's browser, potentially performing actions as that user in the local app session. This issue has been fixed in version 1.1.3-alpha.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
- OpenSift
- OpenSift
20 Feb 2026
Published
20 Feb 2026
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.04%
KEV
Description
OpenSift is an AI study tool that sifts through large datasets using semantic search and generative AI. In versions 1.1.2-alpha and below, URL ingest allows overly permissive server-side fetch behavior and can be coerced into requesting unsafe targets. This can allow access to or probing of private/local network resources from the OpenSift host process when ingesting attacker-controlled URLs. This issue has been fixed in version 1.1.3-alpha. As a workaround when trusted local-only exceptions are needed, use OPENSIFT_ALLOW_PRIVATE_URLS=true with caution.
Statistics
- 1 Post
Last activity: 3 hours ago
Overview
- Go toolchain
- cmd/go
- cmd/go
28 Jan 2026
Published
29 Jan 2026
Updated
CVSS
Pending
EPSS
0.01%
KEV
Description
Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to pass to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
Statistics
- 1 Post
Last activity: 23 hours ago
Overview
Description
A flaw has been found in D-Link DWR-M960 1.01.07. This affects the function sub_4237AC of the file /boafrm/formLteSetup of the component LTE Configuration Endpoint. Manipulating the argument submit-url can lead to a stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used.
Statistics
- 1 Post
Last activity: 12 hours ago
Overview
Description
A vulnerability has been found in Tenda A18 15.13.07.13. This affects the function strcpy of the file /goform/WifiExtraSet of the component Httpd Service. The manipulation of the argument wpapsk_crypto5g leads to a stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Statistics
- 1 Post
Last activity: 8 hours ago