9 matches found

RedhatCVE
added 2026/01/27 9:23 p.m. | 2 views

CVE-2026-24437

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

CVSS 5.5 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 1
NVD
added 2026/01/26 6:16 p.m. | 3 views

CVE-2026-24430

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be expose...

CVSS 8.2 | EPSS 0.00056
Exploits: 0 | References: 2
NVD
added 2026/01/26 6:16 p.m. | 4 views

CVE-2026-24429

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated acce...

CVSS 9.8 | EPSS 0.0014
Exploits: 0 | References: 2
CVE
added 2026/01/26 5:46 p.m. | 8 views

CVE-2026-24432

Shenzhen Tenda W30E V2 firmware up to 16.01.0.19(5037) lacks CSRF protections on administrative endpoints, including password changes. An attacker could craft requests that, when triggered by an authenticated user’s browser, modify admin passwords and other settings. Root cause: missing CSRF prot...

CVSS 5.1 | AI score 5.9 | EPSS 0.00026
Exploits: 0 | References: 2 | Affected Software: 1
ATTACKERKB
added 2026/01/26 5:40 p.m. | 2 views

CVE-2026-24437

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

CVSS 4.8 | AI score 5.9 | EPSS 0.00008
Exploits: 0 | References: 3
Vulnrichment
added 2026/01/26 5:40 p.m. | 3 views

CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

CVSS 9.2 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 2
Positive Technologies
added 2026/01/26 12:0 a.m. | 2 views

PT-2026-4803

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

CVSS 2.1 | AI score 5.9 | EPSS 0.0005
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2025-27414

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.5 | EPSS 0.00139
Exploits: 1 | References: 1
NVD
added 2025/09/09 6:15 p.m. | 2 views

CVE-2025-57086

Tenda W30E V16.01.0.19 5037 was discovered to contain a stack overflow in the String parameter in the formDeleteMeshNode function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request...

CVSS 7.5 | EPSS 0.00139
Exploits: 1 | References: 1