Lucene search

10 matches found

RedhatCVE
added 2026/01/27 9:23 p.m., 10 views

CVE-2026-24436

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

CVSS 9.8, AI score 5.9, EPSS 0.00418
Exploits 0, References 1

OSV
added 2026/01/26 6:16 p.m., 4 views

CVE-2026-24435

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: in combination with Access-Control-Allow-Credentials: true, allowing...

CVSS 6.5, AI score 5.8, EPSS 0.00211
Exploits 0, References 2

NVD
added 2026/01/26 6:16 p.m., 10 views

CVE-2026-24439

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...

CVSS 6.5, EPSS 0.00169
Exploits 0, References 2

NVD
added 2026/01/26 6:16 p.m., 15 views

CVE-2026-24436

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

CVSS 9.8, EPSS 0.00418
Exploits 0, References 2

NVD
added 2026/01/26 6:16 p.m., 5 views

CVE-2026-24437

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 serve sensitive administrative content without appropriate cache-control directives. As a result, browsers may store credential-bearing responses locally, exposing them to subsequent unauthorized access...

CVSS 5.5, EPSS 0.00154
Exploits 0, References 2

EUVD
added 2026/01/26 5:49 p.m., 6 views

EUVD-2026-4675

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: in combination with Access-Control-Allow-Credentials: true, allowing...

CVSS 7.1, AI score 5.9, EPSS 0.00211
Exploits 0, References 2

Cvelist
added 2026/01/26 5:40 p.m., 24 views

CVE-2026-24436 Tenda W30E V2 Lacks Rate Limiting on Authentication

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 do not enforce rate limiting or account lockout mechanisms on authentication endpoints. This allows attackers to perform unrestricted brute-force attempts against administrative credentials...

CVSS 9.2, EPSS 0.00418
Exploits 0, References 2

CVE
added 2026/01/26 5:39 p.m., 20 views

CVE-2026-24428

The CVE-2026-24428 entry concerns Shenzhen Tenda W30E V2 firmware (up to and including V16.01.0.19(5037)) with an authorization flaw in the user management API. The concrete detail across sources is that a low-privileged authenticated user can alter the administrator password by sending a crafted...

CVSS 8.8, AI score 5.9, EPSS 0.0029
Exploits 0, References 2, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-27412

Malicious code in bioql PyPI...

CVSS 9.8, AI score 6.5, EPSS 0.00437
Exploits 1, References 1

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-27291

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.5, EPSS 0.00456
Exploits 1, References 1