CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials...

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior expose user passwords in plaintext within the administrative interface and HTTP responses, allowing recovery of valid credentials...

CVE-2026-27518 Binardat 10G08-0800GSM Network Switch CSRF

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

CVE-2026-27518 Binardat 10G08-0800GSM Network Switch CSRF

Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes...

CVE-2026-27516

Binardat 10G08-0800GSM network switch firmware versions up to V300SP10260209 expose user passwords in plaintext via the administrative interface and HTTP responses, enabling recovery of valid credentials. Affected component: device firmware with plaintext credential exposure in management paths; ...

PT-2026-21756

Name of the Vulnerable Software and Affected Versions Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 Description The Binardat 10G08-0800GSM network switch firmware does not have Cross-Site Request Forgery CSRF protections for actions that change the system's state...

CVE-2026-27513

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a cross-site request forgery CSRF vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

CVE-2026-27512

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27512 Tenda F3 Reflected Script Execution via Missing nosniff Header

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under...

CVE-2026-27512

Affected product/firmware: Shenzhen Tenda F3 Wireless Router, firmware V12.01.01.55_multi. Issue: Content-type confusion in the administrative interface where responses omit the X-Content-Type-Options: nosniff header and reflect attacker-influenced content into the response body. MIME sniffing ma...

CVE-2026-22567

CVE-2026-22567 concerns ZIA Admin UI input validation. The issue allows an authenticated administrator to trigger backend functions via specific input fields in limited scenarios due to improper input validation. Reported CVSS 3.1 base score 7.6 (HIGH) with NETWORK attack vector, HIGH privileges ...

CVE-2026-22568 Unauthorized information retrieval in ZIA Admin UI

Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions...

CVE-2026-22568

CVE-2026-22568 affects the ZIA Admin UI. An authenticated administrator could potentially retrieve unauthorized internal information due to improper neutralization of certain input in rare conditions. The CVSS 3.1 base score is 5.5 (Medium) with Privileges Required: High, User Interaction: None, ...

Zscaler ZIA Admin UI 安全漏洞

Zscaler ZIA Admin UI is a management console interface for the cloud-native security gateway provided by Zscaler Inc. There is a security vulnerability in Zscaler ZIA Admin UI, which stems from improper validation of user input. This vulnerability could allow authenticated administrators to trigg...

Zscaler ZIA Admin UI 安全漏洞

Zscaler ZIA Admin UI is a management console interface for the cloud-native security gateway provided by Zscaler Inc. There is a security vulnerability in Zscaler ZIA Admin UI, which stems from improper neutralization of special elements in the inputs provided by users. This vulnerability may all...

PT-2026-21529

Name of the Vulnerable Software and Affected Versions Shenzhen Tenda F3 Wireless Router firmware version V12.01.01.55 multi Description The web-based administrative interface does not set the X-Frame-Options header, which allows an attacker to embed administrative pages in an iframe. This can tri...