CVE-2026-13518

Publié : 29 juin 2026

Modifié : 29 juin 2026

Score CVSS

8.8

HIGH

Description détaillée

A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function fromAddressNat of the file /goform/addressNat. The manipulation of the argument page leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Références et Patchs

https://github.com/cve-a/Vampirensa/issues/4 https://vuldb.com/cve/CVE-2026-13518 https://vuldb.com/submit/838889 https://vuldb.com/vuln/374526 https://vuldb.com/vuln/374526/cti https://www.tenda.com.cn/

Dernières Vulnérabilités

CVE-2026-13531

A security flaw has been discovered in itsourcecode Hospital Management System 1.0. Affected is an unknown function of the file /department.php. The manipulation of the argument editid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

VOIR DÉTAILS

CVE-2026-13530

A vulnerability was identified in itsourcecode Hospital Management System 1.0. This impacts an unknown function of the file /appointmentdetail.php of the component Appointment Handler. The manipulation of the argument editid leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

VOIR DÉTAILS

CVE-2026-13529

A vulnerability was determined in YzmCMS up to 7.5. This affects an unknown function of the file /application/install/index.php. Executing a manipulation of the argument siteurl can lead to sql injection. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

VOIR DÉTAILS