Monitor vulnerabilities that affect your stack. Sign up free to get alerts when software you use is affected.

CVE Vulnerabilities - 9 March 2026

RSS

257 vulnerabilities published on 9 March 2026

Severity:
UTT HiPER 810G: Unsecured Copy Function Allows Remote Data Overflow
CVE-2026-3815
A weakness has been identified in UTT HiPER 810G up to 1.7.7-1711. This affects the function strcpy of the file /goform/formApMail. Executing a manipu...
7.4
UTT HiPER 810G allows unauthorized remote access
CVE-2026-3814
A security flaw has been discovered in UTT HiPER 810G up to 1.7.7-1711. Affected by this issue is the function strcpy of the file /goform/getOneApConf...
7.4
Tenda FH1202 Router: Remote Code Execution from Malicious Input
CVE-2026-3811
A vulnerability was found in Tenda FH1202 1.2.0.14(408). This impacts the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulati...
7.4
Unauthenticated attacker can take full control of the device via HTTP
CVE-2025-41766
A low-privileged remote attacker can trigger a stack-based buffer overflow via a crafted HTTP POST request using the ubr-network method resulting in f...
8.8
WordPress File Upload Vulnerability Allows Unintended File Overwriting
CVE-2025-41758
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead t...
8.8
UBR Can Create or Overwrite Files with Elevated Privileges
CVE-2025-41757
A low-privileged remote attacker can abuse the backup restore functionality of UBR (ubr-restore) which runs with elevated privileges and does not vali...
8.8
Tenda FH1202 Router Allows Remote Code Execution
CVE-2026-3810
A vulnerability has been found in Tenda FH1202 1.2.0.14(408). This affects the function fromDhcpListClient of the file /goform/DhcpListClient. The man...
7.4
Tenda Router: Remote Code Execution via Malicious Configuration
CVE-2026-3809
A flaw has been found in Tenda FH1202 1.2.0.14(408). The impacted element is the function fromNatStaticSetting of the file /goform/NatSaticSetting. Ex...
7.4
Tenda Router: Remote Code Execution via Malicious Website ID
CVE-2026-3808
A vulnerability was detected in Tenda FH1202 1.2.0.14(408). The affected element is the function formWebTypeLibrary of the file /goform/webtypelibrary...
7.4
Tenda FH1202 Wireless Router: Unsecured Configuration Settings
CVE-2026-3807
A security vulnerability has been detected in Tenda FH1202 1.2.0.14(408). Impacted is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset...
7.4
janobe Resort Reservation System SQL Injection Risk
CVE-2026-3806
A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_ra...
5.3
Tenda i3 Firmware 1.0.0.6(2204) Wi-Fi Settings Overflow
CVE-2026-3804
A security flaw has been discovered in Tenda i3 1.0.0.6(2204). This vulnerability affects the function formWifiMacFilterSet of the file /goform/WifiMa...
7.4
Tenda i3 Router: Remote Code Execution through Malicious Index
CVE-2026-3803
A vulnerability was identified in Tenda i3 1.0.0.6(2204). This affects the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet. The man...
7.4
Tenda i3 Router: Remote Command Execution from Malicious Input
CVE-2026-3802
A vulnerability was determined in Tenda i3 1.0.0.6(2204). Affected by this issue is the function formexeCommand of the file /goform/exeCommand. Execut...
7.4
Tenda i3 Router Allows Remote Code Execution Through Malformed Input
CVE-2026-3801
A vulnerability was found in Tenda i3 1.0.0.6(2204). Affected by this vulnerability is the function formSetAutoPing of the file /goform/setAutoPing. P...
7.4
Unrestricted File Upload in Janobe Resort Reservation System
CVE-2026-3800
A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?a...
5.3
Tenda i3 Router: Unauthenticated Remote Code Execution Possible
CVE-2026-3799
A flaw has been found in Tenda i3 1.0.0.6(2204). This impacts the function formSetCfm of the file /goform/setcfm. This manipulation of the argument fu...
7.4
Tiandy Video Surveillance System allows unauthorized file uploads
CVE-2026-3797
A security vulnerability has been detected in Tiandy Video Surveillance System 视频监控平台 7.17.0. The impacted element is the function uploadFile of the f...
5.3
SourceCodester Sales and Inventory System SQL Injection Risk
CVE-2026-3793
A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.ph...
5.3
SourceCodester Sales and Inventory System: SQL Injection Risk in Purchase Invoices
CVE-2026-3792
A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the compo...
5.3
SourceCodester Sales and Inventory System: SQL Injection Risk in Search
CVE-2026-3791
A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dash...
5.3
SourceCodester Sales and Inventory System: Supplier Details SQL Injection
CVE-2026-3790
A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_s...
5.3
Bytedesk: Malicious URLs Can Be Faked to Access Sensitive Data
CVE-2026-3789
A vulnerability was detected in Bytedesk up to 1.3.9. Affected is the function getModels of the file source-code/src/main/java/com/bytedesk/ai/springa...
5.3
Bytedesk 1.3.9: Unapproved API URLs Lead to Remote Attack
CVE-2026-3788
A security vulnerability has been detected in Bytedesk up to 1.3.9. This impacts the function getModels of the file source-code/src/main/java/com/byte...
5.3
AzuraCast: Untrusted User Input Can Run Malicious Code
GHSA-93fx-5qgc-wr38
## Summary AzuraCast's `ConfigWriter::cleanUpString()` method fails to sanitize Liquidsoap string interpolation sequences (`#{...}`), allowing authen...
8.7
8 Mar 2026 All days 10 Mar 2026