CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added last week•7 views

CVE-2026-11557

A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be executed...

9CVSS8.4AI score0.00092EPSS

Cvelist•added 2026/06/09 12:0 a.m.•28 views

CVE-2026-36802

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

0.00254EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•5 views

PT-2026-48194

5.9AI score0.00254EPSS

RedhatCVE•added 2026/06/05 7:48 p.m.•6 views

CVE-2026-10559

A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. The affected element is an unknown function of the file /index.php. Executing a manipulation of the argument page can lead to file inclusion. The attack may be performed from remote. The exploit has been published and may be us...

6.5CVSS6.2AI score0.00052EPSS

RedhatCVE•added 2026/06/05 7:32 p.m.•7 views

CVE-2026-6864

The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.7AI score0.00031EPSS

RedhatCVE•added 2026/06/05 7:31 p.m.•6 views

CVE-2026-6808

The Pricing Tables for WP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0. This is due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.7AI score0.00031EPSS

Positive Technologies•added 2026/06/05 12:0 a.m.•11 views

PT-2026-47055

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description A stack overflow exists in the fromDhcpListClient function. This occurs when processing the page parameter via a crafted HTTP request, which can lead to a Denial of Service DoS, a condition where the...

5.5AI score0.00417EPSS

NVD•added 2026/06/03 1:16 a.m.•9 views

CVE-2026-10694

A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the file /index.php. The manipulation of the argument page results in file inclusion. The attack can be launched remotely. The exploit is now public and may be used...

7.5CVSS0.00061EPSS

CVE•added 2026/06/02 1:0 a.m.•15 views

CVE-2026-10558

SourceCodester Pizzafy Ecommerce System 1.0 has a remote file inclusion in /admin/index.php caused by manipulating the page parameter. The vulnerability affects an unknown function and can be exploited remotely; the exploit is publicly available. CVSS metrics in the sources show MEDIUM severity (...

6.5CVSS6.4AI score0.00052EPSS

Vulnrichment•added 2026/06/02 1:0 a.m.•10 views

CVE-2026-10558 SourceCodester Pizzafy Ecommerce System index.php file inclusion

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is an unknown function of the file /admin/index.php. Performing a manipulation of the argument page results in file inclusion. The attack is possible to be carried out remotely. The exploit is now public and may...

6.5CVSS6.4AI score0.00052EPSS

Cvelist•added 2026/06/02 1:0 a.m.•35 views

CVE-2026-10558 SourceCodester Pizzafy Ecommerce System index.php file inclusion

6.5CVSS0.00052EPSS

NVD•added 2026/06/02 12:16 a.m.•9 views

CVE-2026-10301

A vulnerability was detected in itsourcecode Fees Management System 1.0. The affected element is an unknown function of the file index.php. Performing a manipulation of the argument page results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

5.3CVSS0.00039EPSS

NVD•added 2026/05/24 3:16 p.m.•14 views

CVE-2026-9389

A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function frmL7ImForm of the file /goform/L7Im. The manipulation of the argument page leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used...

9CVSS0.00048EPSS

CNNVD•added 2026/05/24 12:0 a.m.•7 views

Tenda F456 安全漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a security vulnerability. This vulnerability stems from improper handling of the parameter “page” in the function frmL7ImForm located in the file/goform/L7Im. It may lead to a...

9CVSS7.5AI score0.00048EPSS

NVD•added 2026/05/22 5:16 a.m.•14 views

CVE-2026-6864

6.1CVSS0.00031EPSS

Cvelist•added 2026/05/22 3:39 a.m.•32 views

CVE-2026-6864 CBX 5 Star Rating & Review <= 1.0.7 - Reflected Cross-Site Scripting via 'page' Parameter

6.1CVSS0.00031EPSS

EUVD•added 2026/05/22 3:39 a.m.•9 views

EUVD-2026-31409

6.1CVSS6AI score0.00031EPSS

CVE•added 2026/05/22 3:39 a.m.•17 views

CVE-2026-6864

The CVE-2026-6864 concern affects the CBX 5 Star Rating & Review plugin for WordPress. It is a Reflected Cross-Site Scripting flaw via the 'page' parameter in all versions up to 1.0.7, caused by insufficient input sanitization and output escaping. This enables unauthenticated attackers to inject ...

6.1CVSS6AI score0.00031EPSS

ATTACKERKB•added 2026/05/22 3:39 a.m.•5 views

CVE-2026-6864

6.1CVSS6AI score0.00031EPSS