|
3401
|
6.5 |
MEDIUM
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains an out-of-bounds read in the NetFlow v9 options template parser. In process_netflow_v9_options_template() (src/netflow_plugin/netflow_v9_collector.…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-48684
|
2026-05-27 23:26 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3402
|
6.5 |
MEDIUM
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 has out-of-bounds memory access because it incorrectly parses BGP path attributes with the extended length flag set. In src/bgp_protocol.hpp, the parse_raw_…
|
CWE-130
Improper Handling of Length Parameter Inconsistency
|
CVE-2026-48685
|
2026-05-27 23:23 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3403
|
9.8 |
CRITICAL
Network
|
pavel-odintsov
|
fastnetmon
|
FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability Information) decoder. The function decode_bgp_subnet_encoding_ipv4_raw() …
|
CWE-120
CWE-787
Classic Buffer Overflow
Out-of-bounds Write
|
CVE-2026-48686
|
2026-05-27 23:23 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3404
|
- |
|
-
|
-
|
Improper Following of a Certificate's Chain of Trust vulnerability in Erlang OTP public_key (pubkey_cert module) allows a non-CA certificate to be accepted as an intermediate issuer, enabling certifi…
|
CWE-295
CWE-296
Improper Certificate Validation
Improper Following of a Certificate's Chain of Trust
|
CVE-2026-42789
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3405
|
3.3 |
LOW
Local
|
-
|
-
|
NewNTUnicodeString does not check for string length overflow. When provided with a string that overflows the maximum size of a NTUnicodeString (a 16-bit number of bytes), it returns a truncated strin…
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2026-39824
|
2026-05-27 23:16 |
2026-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3406
|
- |
|
-
|
-
|
An issue in fetch_jpg() in xdrv_10_scripter.ino in Tasmota through 15.3.0.3 allows a remote attacker to cause heap buffer overflow. The Content-Length from a JPEG stream is stored in a uint16_t varia…
|
-
|
CVE-2026-38427
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3407
|
- |
|
-
|
-
|
Buffer Overflow vulnerability in arendst Tasmota v.15.3.0.3 and before allows a remote attacker to execute arbitrary code via the xdrv_10_scripter.ino, fetch_jpg(), jpg_task.boundary[40], strcpy() fu…
|
-
|
CVE-2026-38426
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3408
|
- |
|
-
|
-
|
In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to …
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-35090
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3409
|
- |
|
-
|
-
|
In Slican telephone exchanges secure key is generated in a predictable manner using properties of the telephone exchange which can be obtained without authentication. An unauthenticated attacker can …
|
CWE-1391
Use of Weak Credentials
|
CVE-2026-35089
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3410
|
- |
|
-
|
-
|
Slican telephone exchanges allow administrative protocol authentication bypass. An attacker can bypass the need to enter login credentials by executing the appropriate command.
This issue was fixed…
|
CWE-288
Authentication Bypass Using an Alternate Path or Channel
|
CVE-2026-35087
|
2026-05-27 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
