Lucene search
K

13 matches found

CVE
CVE
added 4 days ago9 views

CVE-2026-7620

CVE-2026-7620 affects the WordPress plugin Notification for Telegram (versions up to 3.5.1). The issue is an authorization bypass that allows authenticated attackers with subscriber-level access and above to create, modify, or reschedule the nftb_cron_hook WordPress cron event, enabling unauthori...

4.3CVSS6AI score0.00272EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36752

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

5.3AI score0.01046EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/15 9:30 p.m.9 views

EUVD-2026-36753

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

5.3AI score0.01046EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 8:16 p.m.9 views

CVE-2026-38061

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

9.8CVSS0.01046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.31 views

CVE-2026-38061

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetvolume via the volume parameter...

0.01046EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.14 views

CVE-2026-38061

CVE-2026-38061 affects Tenda 5G03 with firmware V05.03.02.04 (Version 1.0). It is a command-injection vulnerability in the function action_set_volume through the volume parameter. The CVSSv3.1 metrics indicate a remote, unauthenticated exploit with high impact to confidentiality, integrity, and a...

9.8CVSS5.3AI score0.01046EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 12:0 a.m.31 views

CVE-2026-38062

Tenda 5G03 V05.03.02.04 Version 1.0 is vulnerable to Command injection in the function actionsetratmode via the ratMode parameter...

0.01046EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 12:0 a.m.11 views

CVE-2026-38062

Summary: CVE-2026-38062 affects Tenda 5G03 (V05.03.02.04, Version 1.0). The issue is a command injection in the function action_set_rat_mode via the ratMode parameter. Multiple trusted sources (NVD, EUVD, CVE lists, vuln enrichment) describe this vulnerability with the same root cause. The CVSS v...

9.8CVSS5.3AI score0.01046EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/02 3:31 p.m.6 views

EUVD-2026-18342

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

5.8CVSS5.8AI score0.05698EPSS
Exploits1References13
Cvelist
Cvelist
added 2026/04/02 2:15 p.m.25 views

CVE-2026-5339 Tenda G103 Setting gpon.lua action_set_net_settings command injection

A vulnerability was detected in Tenda G103 1.0.0.5. The impacted element is the function actionsetnetsettings of the file gpon.lua of the component Setting Handler. Performing a manipulation of the argument authLoid/authLoidPassword/authPassword/authSerialNo/authType/oltType/usVlanId/usVlanPriori...

5.8CVSS0.05698EPSS
Exploits1References12
Vulnrichment
Vulnrichment
added 2026/04/02 2:0 p.m.3 views

CVE-2026-5338 Tenda G103 Setting system.lua action_set_system_settings command injection

A security vulnerability has been detected in Tenda G103 1.0.0.5. The affected element is the function actionsetsystemsettings of the file system.lua of the component Setting Handler. Such manipulation of the argument lanIp leads to command injection. The attack may be performed from remote. The...

5.8CVSS5.6AI score0.04353EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/09/18 12:0 a.m.5 views

libfluid 安全漏洞

libfluid is an Open Networking open source application. A security vulnerability exists in libfluid that stems from the fact that the fluidmsg::ActionSet::unpack routine contains a null pointer dereference vulnerability caused by an unchecked return value...

7.5CVSS6.7AI score0.00546EPSS
Exploits0References2
OSV
OSV
added 2018/10/18 7:24 p.m.6 views

GHSA-CR6J-3JP9-RW65 Apache Struts vulnerable to remote command execution (RCE) due to improper input validation

Apache Struts contains a Remote Code Execution when using results with no namespace and it's upper actions have no or wildcard namespace. The same flaw exists when using a url tag with no value, action set, and it's upper actions have no or wildcard namespace...

8.1CVSS7.2AI score0.99993EPSS
Exploits41References27
Rows per page
Query Builder