CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/02/23 4:26 p.m.•4 views

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

6.1CVSS5.6AI score0.00049EPSS

CVE•added 2026/02/23 4:26 p.m.•7 views

CVE-2026-27512

Affected product/firmware: Shenzhen Tenda F3 Wireless Router, firmware V12.01.01.55_multi. Issue: Content-type confusion in the administrative interface where responses omit the X-Content-Type-Options: nosniff header and reflect attacker-influenced content into the response body. MIME sniffing ma...

6.1CVSS5.7AI score0.00049EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/23 4:26 p.m.•22 views

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

6.1CVSS0.00049EPSS

Positive Technologies•added 2026/02/23 12:0 a.m.•5 views

PT-2026-21530

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The administrative interface of the software lacks the X-Content-Type-Options: nosniff header in responses and includes attacker-influenced content that can be...

6.1CVSS5.4AI score0.00049EPSS

RedhatCVE•added 2026/01/29 9:24 a.m.•5 views

CVE-2026-1466

Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image except for...

NVD•added 2026/01/28 7:16 a.m.•5 views

Exploits0References1

CVE-2026-1466

6.1CVSS0.00016EPSS

Cvelist•added 2026/01/28 6:33 a.m.•26 views

CVE-2026-1466 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

6.1CVSS0.00016EPSS

OSV•added 2026/01/28 6:33 a.m.•4 views

CVE-2026-1466 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau

EUVD•added 2026/01/28 6:33 a.m.•3 views

Exploits0References6

EUVD-2026-4867

ATTACKERKB•added 2026/01/28 6:33 a.m.•4 views

CVE-2026-1466

CVE•added 2026/01/28 6:33 a.m.•13 views

Exploits0References5

CVE-2026-1466

CVE-2026-1466 concerns Jirafeau, where the MIME-type based preview guard (image/* except image/svg+xml, plus video/audio) could be bypassed by sending a crafted request with an invalid MIME type (e.g., image). During preview, browsers may sniff the MIME type and detect SVG, potentially executing ...

6.1CVSS5.4AI score0.00016EPSS

Exploits0References4Affected Software1

Positive Technologies•added 2026/01/28 12:0 a.m.•6 views

PT-2026-5062

CVE-2026-1466 Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. Th… https://t.co/rSEVfvxJRR...

6.1CVSS5.1AI score0.00166EPSS

Exploits0References11

RedhatCVE•added 2026/01/27 9:23 p.m.•4 views

CVE-2026-24439

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

6.5CVSS5.9AI score0.0005EPSS

Exploits0References1

OSV•added 2026/01/26 6:16 p.m.•1 views

CVE-2026-24439

6.5CVSS5.8AI score0.0005EPSS

NVD•added 2026/01/26 6:16 p.m.•5 views

CVE-2026-24439

6.5CVSS0.0005EPSS

EUVD•added 2026/01/26 5:48 p.m.•3 views

EUVD-2026-4674

2.1CVSS5.9AI score0.0005EPSS