16812 matches found
CVE-2026-1632
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...
CVE-2026-1633
CVE-2026-1633 concerns the Synectix LAN 232 TRIO 3-Port serial-to-Ethernet adapter, where the web management interface is exposed without authentication. This allows unauthenticated users to modify critical device settings or perform a factory reset, per multiple sources. The reported impact incl...
CVE-2026-1633 Synectix LAN 232 TRIO Missing Authentication for Critical Function
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...
CVE-2026-1633
The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...
CVE-2026-1632
MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...
CVE-2026-24426
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
EUVD-2026-5154
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
CVE-2026-24434
The CVE-2026-24434 affects Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01_cn. The web management interface is missing anti-CSRF protections and robust origin validation, enabling a logged-in administrator to be induced to perform unintended state-changing requests and modify router se...
CVE-2026-24434 Tenda AC7 Web Interface Lacks CSRF Protections for Admin Actions
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior does not implement CSRF protections for administrative functions in the web management interface. The interface does not enforce anti-CSRF tokens or robust origin validation, which can allow an attacker to induce a logged-in administrat...
CVE-2026-24426 Tenda AC7 Reflected XSS via Web Interface Output Encoding
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24426 Tenda AC7 Reflected XSS via Web Interface Output Encoding
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-24426
The CVE-2026-24426 issue affects Shenzhen Tenda AC7 firmware prior to V03.03.03.01_cn, where an improper output encoding in the web management interface reflects user input in HTTP responses. This reflected XSS risk could allow injection of arbitrary HTML/JavaScript into a victim’s browser contex...
EUVD-2026-5183
Shenzhen Tenda AC7 firmware version V03.03.03.01cn and prior contain an improper output encoding vulnerability in the web management interface. User-supplied input is reflected in HTTP responses without adequate escaping, allowing injection of arbitrary HTML or JavaScript in a victim’s browser...
CVE-2026-22220
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...
CVE-2026-22220 Improper Input Validation Leading to DoS on TP-Link Archer BE230
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...
CVE-2026-22220 Improper Input Validation Leading to DoS on TP-Link Archer BE230
A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 web modules may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the...
CVE-2026-22220
CVE-2026-22220 affects TP-Link Archer BE230 v1.2 prior to 1.2.4 Build 20251218 rel.70420. The issue is improper input validation in the HTTP processing path of the web modules, allowing a crafted request to cause the device’s web service to become unresponsive. A network-adjacent attacker with hi...
CVE-2026-24788
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
EUVD-2026-5316
When a specific function is enabled while joining a AD Domain from ADM, an improper input parameters validation vulnerability in a specific CGI program allowing an unauthenticated remote attacker to write arbitrary data to any file on the system. By exploiting this vulnerability, attackers can...