Security Vulnerabilities
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the list parameter, which can cause memory corruption and enable remote code execution.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-01-21
Tenda AX3 firmware v16.03.12.11 contains a stack overflow in formSetIptv via the vlanId parameter, which can cause memory corruption and enable remote code execution.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-01-21
Tenda AX3 firmware v16.03.12.11 contains a stack-based buffer overflow in the formGetIptv function due to improper handling of the citytag stack buffer, which may result in memory corruption and remote code execution.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-01-21
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the GGUF decoder
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-21
An issue in ollama v.0.12.10 allows a remote attacker to cause a denial of service via the fs/ggml/gguf.go, function readGGUFV1String reads a string length from untrusted GGUF metadata
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-21
Mini Mouse 9.3.0 contains a path traversal vulnerability that allows attackers to access sensitive system directories through the device information endpoint. Attackers can retrieve file lists from system directories like /usr, /etc, and /var by manipulating file path parameters in API requests.
CVSS Score
6.2
EPSS Score
0.0
Published
2026-01-21
Mini Mouse 9.2.0 contains a path traversal vulnerability that allows remote attackers to access arbitrary system files and directories through crafted HTTP requests. Attackers can retrieve sensitive files like win.ini and list contents of system directories such as C:\Users\Public by manipulating file and path parameters.
CVSS Score
7.5
EPSS Score
0.002
Published
2026-01-21
Mini Mouse 9.2.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary commands through an unauthenticated HTTP endpoint. Attackers can leverage the /op=command endpoint to download and execute payloads by sending crafted JSON requests with malicious script commands.
CVSS Score
9.8
EPSS Score
0.003
Published
2026-01-21
Tenda D151 and D301 routers contain an unauthenticated configuration download vulnerability that allows remote attackers to retrieve router configuration files. Attackers can send a request to /goform/getimage endpoint to download configuration data including admin credentials without authentication.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-01-21
OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance.
CVSS Score
5.4
EPSS Score
0.001
Published
2026-01-21