Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

482 matches found

Vulnrichment
Vulnrichmentadded 2026/01/21 12:0 a.m.3 views

CVE-2025-70644

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub60CFC function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

5.6AI score0.00311EPSS
Exploits1References1
ATTACKERKB
ATTACKERKBadded 2026/01/21 12:0 a.m.2 views

CVE-2025-70644

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub60CFC function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS5.5AI score0.00311EPSS
Exploits1References2
CVE
CVEadded 2026/01/21 12:0 a.m.14 views

CVE-2025-70644

CVE-2025-70644 affects Tenda AX-1806 devices, where a stack overflow is triggered in the time parameter of the sub_60CFC function by a crafted request. The vulnerability can cause a Denial of Service (DoS). Public sources consistently list v1.0.0.1 as affected. Red Hat and CVE databases corrobora...

7.5CVSS5.6AI score0.00311EPSS
Exploits1References1Affected Software1
CNNVD
CNNVDadded 2026/01/21 12:0 a.m.5 views

Tenda AX1806 security vulnerabilities

The Tenda AX1806 is a WiFi6 wireless router produced by the Chinese company Tenda. The Tenda AX1806 v1.0.0.1 version has a security vulnerability. This vulnerability stems from a stack overflow in the time parameter of the sub60CFC function, which may lead to a denial-of-service attack...

7.5CVSS5.9AI score0.00311EPSS
Exploits1References2
Positive Technologies
Positive Technologiesadded 2026/01/21 12:0 a.m.5 views

PT-2026-3782

Name of the Vulnerable Software and Affected Versions Tenda AX-1806 version 1.0.0.1 Description The Tenda AX-1806 device contains a stack overflow issue in the time parameter of the sub 60CFC function. A crafted request can trigger a Denial of Service DoS. The time parameter is vulnerable...

7.5CVSS6AI score0.00311EPSS
Exploits1References3
EUVD
EUVDadded 2026/01/21 12:0 a.m.6 views

EUVD-2026-3653

Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the time parameter of the sub60CFC function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted request...

7.5CVSS5.6AI score0.00311EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/01/09 10:56 a.m.3 views

CVE-2022-38311

Tenda AC18 router v15.03.05.19 and v15.03.05.05 was discovered to contain a stack overflow via the time parameter at /goform/PowerSaveSet...

9.8CVSS7.8AI score0.00938EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 10:50 a.m.4 views

CVE-2022-37799

Tenda AC1206 V15.03.06.23 was discovered to contain a stack overflow via the time parameter at the function setSmartPowerManagement...

9.8CVSS7.8AI score0.01013EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 10:49 a.m.4 views

CVE-2022-37082

TOTOLINK A7000R V9.1.0u.6115B20201022 was discovered to contain a command injection vulnerability via the hosttime parameter at the function NTPSyncWithHost...

7.8CVSS8.1AI score0.01086EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/01/09 9:16 a.m.1 views

CVE-2025-13847

The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS5AI score0.00287EPSS
Exploits0References1
NVD
NVDadded 2026/01/07 12:16 p.m.2 views

CVE-2025-13847

The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00287EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/01/07 9:20 a.m.1 views

CVE-2025-13847 PhotoFade <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS4.7AI score0.00287EPSS
Exploits0References3
CVE
CVEadded 2026/01/07 9:20 a.m.15 views

CVE-2025-13847

CVE-2025-13847 — PhotoFade (WordPress) Vulnerability type: Stored XSS in the PhotoFade WordPress plugin via the time parameter. Affected versions: all versions up to and including 0.2.1. Root cause: Insufficient input sanitization and output escaping in the time parameter. Impact: Authenticated a...

6.4CVSS4.7AI score0.00287EPSS
Exploits0References3
Cvelist
Cvelistadded 2026/01/07 9:20 a.m.24 views

CVE-2025-13847 PhotoFade <= 0.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The PhotoFade plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'time' parameter in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...

6.4CVSS0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologiesadded 2026/01/07 12:0 a.m.4 views

PT-2026-1608

Name of the Vulnerable Software and Affected Versions PhotoFade plugin for WordPress versions up to and including 0.2.1 Description The PhotoFade plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping related to the tim...

6.4CVSS5.8AI score0.00287EPSS
Exploits0References5
CVE
CVEadded 2026/01/06 3:32 p.m.27 views

CVE-2026-0640

CVE-2026-0640 affects Tenda AC23 firmware 16.03.07.52. The vulnerability resides in the sscanf usage of /goform/PowerSaveSet where tampering with the Time argument can cause a buffer overflow. Exploitation can be remote, and public PoC/exploit information exists. Affected component: the PowerSave...

9.8CVSS8.7AI score0.02991EPSS
Exploits1References6Affected Software1
CNNVD
CNNVDadded 2026/01/06 12:0 a.m.6 views

Tenda AC23 安全漏洞

Tenda AC23 is a dual-band gigabit wireless router from Tenda China. A security vulnerability exists in Tenda AC23 version 16.03.07.52, which originates from an incorrect manipulation of the parameter Time in the file /goform/PowerSaveSet, which may result in a buffer overflow...

9.8CVSS9AI score0.02991EPSS
Exploits1References6
Positive Technologies
Positive Technologiesadded 2026/01/06 12:0 a.m.10 views

PT-2026-1431

Name of the Vulnerable Software and Affected Versions Tenda AC23 version 16.03.07.52 Description A flaw exists in Tenda AC23 version 16.03.07.52 related to a buffer overflow. The issue is located in the /goform/PowerSaveSet file and specifically affects the sscanf function. Manipulation of the Ti...

9CVSS7AI score0.02991EPSS
Exploits1References11
RedhatCVE
RedhatCVEadded 2025/12/16 12:25 a.m.5 views

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

6.5CVSS7.7AI score0.01136EPSS
Exploits1References1
NVD
NVDadded 2025/12/15 5:15 p.m.3 views

CVE-2025-55901

TOTOLINK A3300R V17.0.0cu.596B20250515 is vulnerable to command injection in the function NTPSyncWithHost via the hosttime parameter...

6.5CVSS0.01136EPSS
Exploits1References2
Rows per page
Query Builder