CVE-2026-14629
A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of th
CVSS
4.3
Medium
EPSS
0.3%
p23
KEV
—
Exploit Today
7
0-100
Published: Jul 4, 2026 · Last modified: Jul 6, 2026 · CWE-369 · CWE-404
0.3%EPSS · 30 days0.3%
2026-07-052026-07-16
A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sys_ioctl of the file components/lwp/lwp_syscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance.
- github.comhttps://github.com/RT-Thread/rt-thread/
- github.comhttps://github.com/RT-Thread/rt-thread/issues/11429
- github.comhttps://github.com/RT-Thread/rt-thread/pull/11453
- vuldb.comhttps://vuldb.com/cve/CVE-2026-14629
- vuldb.comhttps://vuldb.com/submit/845610
- vuldb.comhttps://vuldb.com/vuln/376145
- vuldb.comhttps://vuldb.com/vuln/376145/cti
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2020-288747.5 HIG81.8%
——25reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter).8dCVE-2025-97847.5 HIG80.2%
——24A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS).17dCVE-2021-414417.4 HIG72.8%
——22A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim need to visit this URL, for the router to reboot.8dCVE-2022-351916.5 MED55.6%
——17D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via a crafted HTTP connection request.8dCVE-2024-338447.5 HIG41.2%
——12The 'control' in Parrot ANAFI USA firmware 1.10.4 does not check the MAV_MISSION_TYPE(0, 1, 2, 255), which allows attacker to cut off the connection between a controller and the drone by sending MAVLink MISSION_COUNT command with a wrong MAV_MISSION_TYPE.8dCVE-2026-146234.3 MED40.8%
——12A vulnerability was determined in omec-project amf up to 2.1.1. This issue affects the function RRCInactiveTransitionReport of the component NGAP Message Handler. Executing a manipulation can lead to denial of service. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. This patch is called 34bc6724acc97dba1f8691e586da95b042cb612d. A patch should be applied to remediate this issue.10d