CVE-2026-13515

Publié : 29 juin 2026

Modifié : 29 juin 2026

Score CVSS

8.8

HIGH

Description détaillée

A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://github.com/cve-a/Vampirensa/issues/1 https://vuldb.com/cve/CVE-2026-13515 https://vuldb.com/submit/838885 https://vuldb.com/vuln/374523 https://vuldb.com/vuln/374523/cti https://www.tenda.com.cn/

Dernières Vulnérabilités

CVE-2026-13522

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is possible to initiate the attack remotely. This vulnerability only affects products that are no longer supported by the maintainer.

VOIR DÉTAILS

CVE-2026-13521

A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php. Affected by this vulnerability is an unknown functionality of the file /preview5.php. Such manipulation of the argument course_year_section leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

VOIR DÉTAILS

CVE-2026-13520

A vulnerability was determined in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /appointmentapproval.php of the component Appointment Handler. This manipulation of the argument editid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.

VOIR DÉTAILS