Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

40940 matches found

ATTACKERKB
ATTACKERKBadded 2026/05/11 2:30 a.m.7 views

CVE-2026-8265

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

5.8CVSS5.6AI score0.04412EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2026/05/11 2:30 a.m.44 views

CVE-2026-8265 Tenda AC6 httpd getLogFile get_log_file os command injection

A security vulnerability has been detected in Tenda AC6 15.03.06.23. Affected by this issue is the function getlogfile of the file /goform/getLogFile of the component httpd. The manipulation of the argument wans.flag leads to os command injection. The attack can be initiated remotely. The exploit...

5.8CVSS0.04412EPSS
Exploits1References5
NVD
NVDadded 2026/05/11 2:16 a.m.40 views

CVE-2026-8263

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

9.8CVSS0.04554EPSS
Exploits1References5
NVD
NVDadded 2026/05/11 2:16 a.m.33 views

CVE-2026-8262

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS0.00202EPSS
Exploits0References4
NVD
NVDadded 2026/05/11 2:16 a.m.27 views

CVE-2026-8256

A security vulnerability has been detected in Devs Palace ERP Online up to 4.0.0. This vulnerability affects unknown code of the file /accounts/mr-save. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. T...

4.8CVSS0.00202EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/11 2:15 a.m.6 views

CVE-2026-8264 Tenda AC6 httpd WifiApScan formWifiApScan os command injection

A weakness has been identified in Tenda AC6 15.03.06.23. Affected by this vulnerability is the function formWifiApScan of the file /goform/WifiApScan of the component httpd. Executing a manipulation of the argument wl2g.public.country/wl5g.public.country can lead to os command injection. It is...

6.5CVSS6.4AI score0.02891EPSS
Exploits1References5
CVE
CVEadded 2026/05/11 2:15 a.m.24 views

CVE-2026-8264

CVE-2026-8264 affects Tenda AC6 15.03.06.23. The vulnerability is in httpd, specifically the formWifiApScan function in /goform/WifiApScan. An attacker can manipulate the arguments wl2g.public.country/wl5g.public.country to trigger an OS command injection, with remote feasibility. The description...

8.8CVSS6.4AI score0.02891EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/11 2:0 a.m.5 views

CVE-2026-8263 Tenda AC6 httpd WifiExtraSet fromSetWirelessRepeat os command injection

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

5.8CVSS5.6AI score0.04554EPSS
Exploits1References5
CVE
CVEadded 2026/05/11 2:0 a.m.22 views

CVE-2026-8263

The CVE affects Tenda AC6 (firmware 15.03.06.49_multi_TDE01) where the fromSetWirelessRepeat function in /goform/WifiExtraSet within the httpd component is vulnerable. Manipulating the mac/ssid arguments enables an OS command injection, allowing remote exploitation. Public exploits have been rele...

9.8CVSS5.7AI score0.04554EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/11 2:0 a.m.24 views

EUVD-2026-29019

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

5.8CVSS5.6AI score0.04554EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/05/11 1:45 a.m.3 views

CVE-2026-8262

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichmentadded 2026/05/11 1:45 a.m.6 views

CVE-2026-8262 Devs Palace ERP Online chart-save cross site scripting

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4
CVE
CVEadded 2026/05/11 1:45 a.m.16 views

CVE-2026-8262

CVE-2026-8262 affects Devs Palace ERP Online up to version 4.0.0. The issue involves manipulation of the file/function /accounts/chart-save that leads to cross-site scripting (XSS). The vulnerability is exploitable remotely over the network; the exploit is publicly available. Affected component: ...

4.8CVSS4.1AI score0.00202EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/05/11 1:45 a.m.54 views

CVE-2026-8262 Devs Palace ERP Online chart-save cross site scripting

A vulnerability was identified in Devs Palace ERP Online up to 4.0.0. This impacts an unknown function of the file /accounts/chart-save. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was...

4.8CVSS0.00202EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/11 1:15 a.m.7 views

CVE-2026-8260 D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnapservice of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotel...

9CVSS7.6AI score0.00997EPSS
Exploits2References5
Cvelist
Cvelistadded 2026/05/11 1:15 a.m.52 views

CVE-2026-8260 D-Link DCS-935L HNAP Service hnap_service SetDeviceSettings buffer overflow

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnapservice of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotel...

9CVSS0.00997EPSS
Exploits2References5
ATTACKERKB
ATTACKERKBadded 2026/05/11 1:15 a.m.6 views

CVE-2026-8260

A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file /web/cgi-bin/hnap/hnapservice of the component HNAP Service. The manipulation of the argument AdminPassword results in buffer overflow. The attack can be executed remotel...

9CVSS7.6AI score0.00997EPSS
Exploits2References5Affected Software1
CVE
CVEadded 2026/05/11 1:0 a.m.20 views

CVE-2026-8259

CVE-2026-8259 affects Tenda AC6 firmware version 2.0/15.03.06.23, where an unknown function in the HTTPD component’s /goform/telnet endpoint mishandles the lan.ip parameter, leading to an OS command injection. This allows remote exploitation with high impact on confidentiality, integrity, and ava...

7.2CVSS5.5AI score0.04447EPSS
Exploits1References5Affected Software1
EUVD
EUVDadded 2026/05/11 12:31 a.m.19 views

EUVD-2026-29006

A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function smfnsmfhandlecreatedatainhsmf of the component SMF. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized...

5.3CVSS5.4AI score0.00378EPSS
Exploits1References6
EUVD
EUVDadded 2026/05/11 12:31 a.m.7 views

EUVD-2026-29001

A vulnerability was detected in Open5GS up to 2.7.7. The affected element is the function updateauthorizedpccruleandqos of the file /src/smf/npcf-handler.c of the component SMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may b...

5.3CVSS5.5AI score0.00471EPSS
Exploits1References6
Rows per page
Query Builder