CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1414 matches found

Trendnet AC2600 TEW-827DRU - Credentials Disclosure

Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from the setup wizard. A user may view information as Admin by manually browsing to the setup wizard and forcing it to redirect to the desired page. id: CVE-2021-20150 info: name: Trendnet AC2600 TEW-827DR...

5.3CVSS6AI score0.56556EPSS

Exploits0References2

RedhatCVE•added 3 days ago•6 views

CVE-2026-10160

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument startwizard leads to stack-based buffer overflow. The attack can be launched remotely. T...

9CVSS6.3AI score0.00041EPSS

Exploits0References1

EUVD•added 4 days ago•7 views

EUVD-2026-33479

9CVSS7.8AI score0.00041EPSS

Exploits0References4

ATTACKERKB•added 4 days ago•6 views

CVE-2026-10160

9CVSS7.8AI score0.00041EPSS

Exploits0References4Affected Software1

CNNVD•added 4 days ago•3 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP contains a security vulnerability. This vulnerability arises from the startwizard operation in the formSetEnableWizard function, resulting in a stack buffer overflow. An...

9CVSS7.7AI score0.00041EPSS

Exploits0References5

Positive Technologies•added 4 days ago•5 views

PT-2026-45164

A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard of the file /goform/formSetEnableWizard. Such manipulation of the argument start wizard leads to stack-based buffer overflow. The attack can be launched remotely...

9CVSS7.8AI score0.00041EPSS

Exploits0References5

OSV•added 2026/05/21 11:27 a.m.•5 views

MAL-2026-4366 Malicious code in @autoheal/setup (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3a8b8b7d51e8865d048583893b08ad3d3d95a8371963b82adc6bf4b7938fe4c1 When the user runs this setup wizard, bin/setup.js posts the user's GitHub Personal Access Token scope repo,user:email, GitHub repo name, branch,...

6AI score

Exploits0References1

OSSF Malicious Packages•added 2026/05/21 11:27 a.m.•7 views

Malicious code in @autoheal/setup (npm)

6AI score

Exploits0References1

Packet Storm•added 2026/05/20 12:0 a.m.•42 views

📄 ZTE ZXHN H168N 3.6 Credential Leak / Admin Compromise

ZTE ZXHN H168N version 3.5 suffers from a password leak vulnerability that leads to full administrative compromise. Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential Leak to Full Admin Compromise Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2021-21735 Vendor: ZT...

6.5CVSS6.6AI score0.00171EPSS

Exploits2

Packet Storm•added 2026/05/20 12:0 a.m.•54 views

📄 ZTE ZXHN H188A 6 Authentication Bypass / Credential Disclosure

ZTE ZXHN H188A version 6 suffers from an authentication bypass vulnerability via a pre-login wizard credential leak. Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login Wizard Credential Leak Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE: CVE-2026-34472 Vendor: ZTE...

7.1CVSS5.8AI score0.00829EPSS

Exploits3

vulnersOsv•added 2026/05/19 12:0 a.m.•2 views

@antv/auto-chart (>=2.0.0 <=2.1.0-alpha.0), @antv/chart-advisor (>=2.0.0 <=2.1.0-alpha.1) +4 more potentially affected by unknown CVE via @antv/data-wizard (>=2.0.4 <=2.1.0-alpha.5)

@antv/data-wizard NPM version =2.0.4, =2.0.0, =2.0.0, =1.2.0-beta.0, =2.0.0, =2.0.0, =0.0.1, =0.1.0-beta.57 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3869...

5.8AI score

Exploits0

RedhatCVE•added 2026/05/18 7:58 p.m.•7 views

CVE-2026-42288

ChurchCRM is an open-source church management system. Prior to 7.3.2, The fix for CVE-2026-39337 is incomplete. The pre-authentication remote code execution vulnerability in ChurchCRM's setup wizard via unsanitized DBPASSWORD remains fully exploitable This vulnerability is fixed in 7.3.2...

10CVSS6.4AI score0.00328EPSS

Exploits0References1

NVD•added 2026/05/12 11:16 p.m.•9 views

CVE-2026-42288

10CVSS0.00328EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 10:25 p.m.•5 views

CVE-2026-42288 ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD

10CVSS6.4AI score0.00328EPSS

Exploits0References1

Cvelist•added 2026/05/12 10:25 p.m.•29 views

CVE-2026-42288 ChurchCRM: Incomplete fix for CVE-2026-39337: Unauthenticated RCE in Setup Wizard via unsanitized DB_PASSWORD

10CVSS0.00328EPSS

Exploits0References1

CVE•added 2026/05/12 10:25 p.m.•9 views

CVE-2026-42288

ChurchCRM prior to version 7.1.0 is affected by a pre-auth RCE in the setup wizard due to unsanitized DB_PASSWORD handling, enabling unauthenticated PHP code injection during initial install. The issue stems from an incomplete fix for a previous CVE and is fixed in 7.1.0. Impact is described as f...

10CVSS6.4AI score0.00328EPSS

Exploits0References1

EUVD•added 2026/05/12 10:25 p.m.•6 views

EUVD-2026-29876

10CVSS6.4AI score0.00328EPSS

Exploits2References1

ATTACKERKB•added 2026/05/12 10:25 p.m.•3 views

CVE-2026-42288

10CVSS6.4AI score0.00328EPSS

Exploits2References2Affected Software1

EUVD•added 2026/05/12 3:31 a.m.•4 views

EUVD-2026-29362

Due to missing authorization check in SAP Strategic Enterprise Management Scorecard Wizard in Business Server Pages, an authenticated attacker could access information that they are otherwise unauthorized to view. This vulnerability also enables the attacker to change the default settings and...

5.4CVSS5.8AI score0.00009EPSS

Exploits0References3

NVD•added 2026/05/12 3:16 a.m.•7 views

CVE-2026-40132

5.4CVSS0.00009EPSS

Exploits0References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by