10 matches found
CVE-2026-24436
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...
CVE-2026-24435
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 implement an insecure Cross-Origin Resource Sharing CORS policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: in combination with Access-Control-Allow-Credentials: true, allowing...
CVE-2026-24439
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...
CVE-2026-24436
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...
CVE-2026-24437
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...
EUVD-2026-4675
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 implement an insecure Cross-Origin Resource Sharing CORS policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: in combination with Access-Control-Allow-Credentials: true, allowing...
CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...
CVE-2026-24428
The CVE-2026-24428 entry concerns Shenzhen Tenda W30E V2 firmware (up to and including V16.01.0.19(5037)) with an authorization flaw in the user management API. The concrete detail across sources is that a low-privileged authenticated user can alter the administrator password by sending a crafted...
EUVD-2025-27412
Malicious code in bioql PyPI...
EUVD-2025-27291
Malicious code in bioql PyPI...