Lucene search
K

4 matches found

OSV
OSV
added 2026/01/26 6:16 p.m.7 views

CVE-2026-24430

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be expose...

7.5CVSS5.7AI score0.00235EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.4 views

CVE-2026-22081

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...

8.8CVSS6.8AI score0.0037EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/06/29 12:0 a.m.5 views

PT-2022-11284 · Unknown · Textpattern Cms

Name of the Vulnerable Software and Affected Versions: Textpattern CMS versions 4.8.7 and older Description: The issue exists due to a sensitive cookie in HTTPS sessions without the 'Secure' attribute set, specifically affecting the txp login session cookie in the application via...

4.3CVSS4.4AI score0.00485EPSS
Exploits0References7
OSV
OSV
added 2022/01/13 9:15 p.m.6 views

CVE-2022-22991

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP...

8.8CVSS7.3AI score0.01333EPSS
Exploits0References2
Rows per page
Query Builder