CVE-2026-27513

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVE-2026-26351

CVE-2026-26351 affects GetSimpleCMS Community Edition 3.3.16. A stored XSS flaw exists in the Theme to Components workflow (components.php): user input in the component "slug" field is written to XML and later rendered in the admin interface without proper sanitization, enabling persistent script...

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF through the adminLoad.handleLoad process. An attacker can modify the running configuration and alter server behavior by sending cross-origin requests to the local admin API when origin enforcement is not...

CVE-2026-27589

Caddy is an extensible server platform that uses TLS by default. Prior to version 2.11.1, the local caddy admin API default listen 127.0.0.1:2019 exposes a state-changing POST /load endpoint that replaces the entire running configuration. When origin enforcement is not enabled enforceorigin not...

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials...

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials...

CVE-2026-27518 Binardat 10G08-0800GSM Network Switch CSRF

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

CVE-2026-27518 Binardat 10G08-0800GSM Network Switch CSRF

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware versions up to V300SP10260209 expose user passwords in plaintext via the administrative interface and HTTP responses, enabling recovery of valid credentials. Affected component: device firmware with plaintext credential exposure in management paths; ...

PT-2026-21756

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The Binardat 10G08-0800GSM network switch firmware does not have Cross-Site Request Forgery CSRF protections for actions that change the system's state...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27513

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27512

Affected product/firmware: Shenzhen Tenda F3 Wireless Router, firmware V12.01.01.55_multi. Issue: Content-type confusion in the administrative interface where responses omit the X-Content-Type-Options: nosniff header and reflect attacker-influenced content into the response body. MIME sniffing ma...

CVE-2026-22567

CVE-2026-22567 concerns ZIA Admin UI input validation. The issue allows an authenticated administrator to trigger backend functions via specific input fields in limited scenarios due to improper input validation. Reported CVSS 3.1 base score 7.6 (HIGH) with NETWORK attack vector, HIGH privileges ...

CVE-2026-22568 Unauthorized information retrieval in ZIA Admin UI

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...