Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

38 matches found

Cvelist
Cvelistadded 6 days ago27 views

CVE-2026-45551 Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS0.00043EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 6 days ago5 views

CVE-2026-45551 Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write

Group-Office is an enterprise customer relationship management and groupware tool. Prior to 26.0.25, 25.0.100, and 6.8.165, GroupOffice allows authenticated users to persist arbitrary legacy settings for any userid via index.php?r=core/saveSetting. A separate client-side sink in the email module...

5.1CVSS5.9AI score0.00043EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded last week8 views

CVE-2026-9428

A vulnerability has been found in Tenda F1202 1.2.0.20408. Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the...

9CVSS7.7AI score0.00048EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/05/28 6:4 p.m.22 views

CVE-2026-4944 Hardcoded trust_remote_code=True in vllm-project/vllm Bypasses User Security Control

vllm-project/vllm version 0.14.1 contains a vulnerability where the trustremotecode=True parameter is hardcoded in two model implementation files vllm/modelexecutor/models/nemotronvl.py and vllm/modelexecutor/models/kimik25.py. This bypasses the user's explicit --trust-remote-code=False setting,...

8.8CVSS0.00097EPSS
Exploits0References1
NVD
NVDadded 2026/05/25 7:16 a.m.6 views

CVE-2026-9428

A vulnerability has been found in Tenda F1202 1.2.0.20408. Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the...

9CVSS0.00048EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/25 5:0 a.m.4 views

CVE-2026-9428

A vulnerability has been found in Tenda F1202 1.2.0.20408. Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the...

9CVSS7.7AI score0.00048EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologiesadded 2026/05/25 12:0 a.m.7 views

PT-2026-43007

A vulnerability has been found in Tenda F1202 1.2.0.20408. Affected is the function fromPPTPUserSetting of the file /goform/PPTPUserSetting. Such manipulation of the argument delno leads to stack-based buffer overflow. The attack may be performed from remote. The exploit has been disclosed to the...

9CVSS7.7AI score0.00048EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/05/25 12:0 a.m.6 views

Tenda F1202 安全漏洞

The Tenda F1202 is a dual-band Wi-Fi router with fifth-generation technology from Tenda, China. A security vulnerability exists in the Tenda F1202 version 1.2.0.20408, which originates from manipulation of the parameter delno of the function fromPPTPUserSetting in the file /goform/PPTPUserSetting...

9CVSS7.6AI score0.00048EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/17 12:11 p.m.3 views

CVE-2018-25330

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00016EPSS
Exploits0References4Affected Software1
EUVD
EUVDadded 2026/05/17 12:11 p.m.4 views

EUVD-2018-21850

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00016EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/05/17 12:11 p.m.3 views

CVE-2018-25330 Joomla! EkRishta 2.10 Persistent XSS and SQL Injection

Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to inject malicious code through profile fields and POST parameters. Attackers can inject script payloads in profile information fields like Address that execute when...

8.8CVSS5.8AI score0.00016EPSS
Exploits0References4
CVE
CVEadded 2026/05/17 12:11 p.m.12 views

CVE-2018-25330

Joomla! EkRishta 2.10 is affected by persistent XSS and SQL injection as described in CVE-2018-25330. The vulnerabilities enable attackers to inject script payloads into profile information (e.g., Address) and SQL payloads via the phone_no parameter to user_setting, allowing script execution when...

8.8CVSS5.8AI score0.00016EPSS
Exploits0References4
CVE
CVEadded 2026/04/27 2:45 a.m.5 views

CVE-2026-7080

This CVE affects Tenda F456 devices running version 1.0.0.5, where the httpd component’s file /goform/PPTPUserSetting contains the function fromPPTPUserSetting. The vulnerability arises from manipulation of the delno argument, leading to a buffer overflow. The issue is exploitable remotely and ha...

9CVSS8.7AI score0.00092EPSS
Exploits1References5Affected Software1
Cvelist
Cvelistadded 2026/04/27 2:45 a.m.24 views

CVE-2026-7080 Tenda F456 httpd PPTPUserSetting fromPPTPUserSetting buffer overflow

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS0.00092EPSS
Exploits1References5
ATTACKERKB
ATTACKERKBadded 2026/04/27 2:45 a.m.1 views

CVE-2026-7080

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS8.7AI score0.00092EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichmentadded 2026/04/27 2:45 a.m.1 views

CVE-2026-7080 Tenda F456 httpd PPTPUserSetting fromPPTPUserSetting buffer overflow

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS8.7AI score0.00092EPSS
Exploits1References5
CNNVD
CNNVDadded 2026/04/27 12:0 a.m.5 views

Tenda F456 缓冲区错误漏洞

The Tenda F456 is a wireless router produced by the Chinese company Tenda. Version 1.0.0.5 of the Tenda F456 contains a buffer overflow vulnerability. This vulnerability stems from improper handling of the parameter delno in the fromPPTPUserSetting function within the httpd component’s...

9CVSS7.5AI score0.00092EPSS
Exploits1References1
Positive Technologies
Positive Technologiesadded 2026/04/27 12:0 a.m.2 views

PT-2026-35343

A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the argument delno leads to buffer overflow. The attack may be launched remotely. The exploit has been...

9CVSS8.7AI score0.00092EPSS
Exploits1References6
NVD
NVDadded 2026/03/29 2:16 a.m.4 views

CVE-2026-5021

A flaw has been found in Tenda F453 1.0.0.3. This affects the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. This manipulation of the argument delno causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been...

9CVSS0.00092EPSS
Exploits1References5
CVE
CVEadded 2026/03/29 1:15 a.m.4 views

CVE-2026-5021

CVE-2026-5021 affects Tenda F453 1.0.0.3. The vulnerability is a stack-based overflow in httpd’s fromPPTPUserSetting (/goform/PPTPUserSetting) caused by manipulating the delno argument. Remote exploitation is possible and exploits have been published. Remediation in documents: update to a newer v...

9CVSS7.5AI score0.00092EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder