4 matches found
CVE-2026-24430
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be expose...
CVE-2026-22081
This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the missing HTTPOnly flag for session cookies associated with the web-based administrative interface. A remote at-tacker could exploit this vulnerability by capturing session cookies...
PT-2022-11284 · Unknown · Textpattern Cms
Name of the Vulnerable Software and Affected Versions: Textpattern CMS versions 4.8.7 and older Description: The issue exists due to a sensitive cookie in HTTPS sessions without the 'Secure' attribute set, specifically affecting the txp login session cookie in the application via...
CVE-2022-22991
A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call. Addressed this vulnerability by disabling checks for internet connectivity using HTTP...