CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/27 4:16 a.m.•12 views

CVE-2026-7082

A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the argument Go can lead to buffer overflow. The attack can be executed remotely. The exploit has been...

9CVSS0.00619EPSS

ATTACKERKB•added 2026/04/27 4:15 a.m.•1 views

CVE-2026-7086

A vulnerability was identified in HBAI-Ltd Toonflow-app up to 1.1.1. This issue affects the function updateStoryboardUrl of the file replaceUrl.ts of the component Storyboard Export. Such manipulation of the argument url leads to path traversal. It is possible to launch the attack remotely. The...

5.3CVSS5.2AI score0.00408EPSS

Exploits0References6Affected Software1

EUVD•added 2026/04/27 4:15 a.m.•7 views

EUVD-2026-25770

5.3CVSS5.2AI score0.00408EPSS

Vulnrichment•added 2026/04/27 4:0 a.m.•3 views

CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal

A vulnerability was determined in HBAI-Ltd Toonflow-app up to 1.1.1. This vulnerability affects the function z.url of the file src/routes/setting/about/downloadApp.ts of the component downloadApp Endpoint. This manipulation of the argument url causes path traversal. It is possible to initiate the...

5CVSS5AI score0.00248EPSS

Cvelist•added 2026/04/27 4:0 a.m.•29 views

CVE-2026-7085 HBAI-Ltd Toonflow-app downloadApp Endpoint downloadApp.ts z.url path traversal

5CVSS0.00248EPSS

Cvelist•added 2026/04/27 3:45 a.m.•34 views

CVE-2026-7084 HBAI-Ltd Toonflow-app getCodeByLink Endpoint getCodeByLink.ts fetch server-side request forgery

A vulnerability was found in HBAI-Ltd Toonflow-app up to 1.1.1. This affects the function fetch of the file src/routes/setting/vendorConfig/getCodeByLink.ts of the component getCodeByLink Endpoint. The manipulation of the argument Link results in server-side request forgery. The attack may be...

6.5CVSS0.00262EPSS

EUVD•added 2026/04/27 3:30 a.m.•2 views

EUVD-2026-25766

5.8CVSS5.2AI score0.00253EPSS

Cvelist•added 2026/04/27 3:30 a.m.•27 views

CVE-2026-7083 likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection

5.8CVSS0.00253EPSS

NVD•added 2026/04/27 3:16 a.m.•7 views

CVE-2026-7080

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS0.00641EPSS

NVD•added 2026/04/27 3:15 a.m.•8 views

CVE-2026-7077

A vulnerability was identified in itsourcecode Courier Management System 1.0. The affected element is an unknown function of the file /editparcel.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...

7.5CVSS0.00254EPSS

CVE•added 2026/04/27 3:15 a.m.•12 views

CVE-2026-7082

The CVE-2026-7082 vulnerability affects Tenda F456 with firmware 1.0.0.5. The flaw resides in the httpd component, specifically the formWrlExtraSet function in /goform/WrlExtraSet. Crafting a manipulated argument (“Go”) can trigger a buffer overflow, allowing remote code execution. A public explo...

9CVSS8.7AI score0.00619EPSS

Cvelist•added 2026/04/27 3:15 a.m.•33 views

CVE-2026-7082 Tenda F456 httpd WrlExtraSet formWrlExtraSet buffer overflow

9CVSS0.00619EPSS

EUVD•added 2026/04/27 3:15 a.m.•4 views

EUVD-2026-25765

9CVSS6AI score0.00619EPSS

ATTACKERKB•added 2026/04/27 3:15 a.m.•2 views

CVE-2026-7082

9CVSS6AI score0.00619EPSS

EUVD•added 2026/04/27 3:0 a.m.•3 views

EUVD-2026-25764

A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now...

9CVSS5.7AI score0.00619EPSS

ATTACKERKB•added 2026/04/27 3:0 a.m.•4 views

CVE-2026-7081

9CVSS5.7AI score0.00619EPSS

CVE•added 2026/04/27 3:0 a.m.•23 views

CVE-2026-7081

Tenda F456 1.0.0.5 is affected by CVE-2026-7081 in the httpd component. The vulnerability affects the function fromGstDhcpSetSer in /goform/GstDhcpSetSer and is caused by a manipulation of the dips argument, leading to a buffer overflow. Remote exploitation is possible and the exploit is public. ...

9CVSS8.6AI score0.00619EPSS

CVE•added 2026/04/27 2:45 a.m.•11 views

CVE-2026-7080

This CVE affects Tenda F456 devices running version 1.0.0.5, where the httpd component’s file /goform/PPTPUserSetting contains the function fromPPTPUserSetting. The vulnerability arises from manipulation of the delno argument, leading to a buffer overflow. The issue is exploitable remotely and ha...

9CVSS8.7AI score0.00641EPSS

Cvelist•added 2026/04/27 2:45 a.m.•27 views

CVE-2026-7080 Tenda F456 httpd PPTPUserSetting fromPPTPUserSetting buffer overflow

9CVSS0.00641EPSS