16812 matches found
PT-2026-6191
Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn. Description: The web management interface lacks CSRF protections for administrative functions. The interface does not enforce anti-CSRF tokens or robust origin validation. This could...
PT-2026-6051
Name of the Vulnerable Software and Affected Versions: Synectix LAN 232 TRIO versions affected versions not specified. Description: The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter’s web management interface is accessible without authentication. This allows unauthenticated users to modify...
PT-2026-6050
Name of the Vulnerable Software and Affected Versions: MOMA Seismic Station versions v2.4.2520 and prior. Description: The MOMA Seismic Station web management interface does not require authentication. This allows an unauthenticated attacker to modify configuration settings, obtain device data, or...
PT-2026-6189
Name of the Vulnerable Software and Affected Versions: Shenzhen Tenda AC7 firmware versions prior to V03.03.03.01 cn. Description: The software contains an improper output encoding issue in the web management interface. User-supplied input is reflected in HTTP responses without sufficient escaping,...
RISS SRL MOMA Seismic Station Access Control Error Vulnerability
RISS SRL MOMA Seismic Station is a specialized industrial control device for earthquake monitoring developed by the Italian company RISS SRL. Versions of RISS SRL MOMA Seismic Station prior to v2.4.2520 contained an access control vulnerability. This vulnerability stemmed from the lack of...
Tenda AC7 Cross-Site Request Forgery Vulnerability
The Tenda AC7 is a wireless router produced by the Chinese company Tenda. Versions of the Tenda AC7 such as V03.03.03.01cn and earlier contained a vulnerability related to cross-site request forgery. This vulnerability stemmed from the lack of CSRF protection in the web management interface, whic...
CVE-2025-36436
IBM Cloud Pak for Business Automation 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 007 is vulnerable to stored cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web...
GO-2026-4366 Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea...
GHSA-4WWF-F7W3-94F5 RaspAP raspap-webgui contains an OS Command Injection vulnerability
RaspAP raspap-webgui versions prior to 3.3.6 contain an OS Command Injection vulnerability. If exploited, an arbitrary OS command may be executed by a user who can log in to the product...
EFM ipTIME A8004T Code Issue Vulnerability
The EFM ipTIME A8004T is a wireless router produced by the South Korean company EFM. The version 14.18.2 of the EFM ipTIME A8004T has a code vulnerability. This vulnerability stems from an incorrect operation on the function commitvpnclifile Upload in the file /cgi/timepro.cgi, which may lead to...
CVE-2026-1705
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...
CVE-2026-1498
An LDAP Injection vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to retrieve sensitive information from a connected LDAP authentication server through an exposed authentication or management web interface. This vulnerability may also allow a remote attacker to...
EUVD-2026-5003
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...
CVE-2026-1705 D-Link DSL-6641K Web ad_virtual_server_vdsl cross site scripting
A vulnerability was detected in D-Link DSL-6641K N8.TR069.20131126. Affected by this issue is the function ad_virtual_server_vdsl of the component Web Interface. Performing a manipulation of the argument Name results in cross site scripting. It is possible to initiate the attack remotely. The exploi...
CVE-2026-1705
CVE-2026-1705 affects D-Link DSL-6641K Web Interface: the ad_virtual_server_vdsl function is vulnerable to cross-site scripting via the Name argument. The issue is remotely exploitable and exploits are public. Connected sources (Red Hat, EUVD, NVD, CVE record, and others) consistently describe th...
CVE-2025-15548
Some VX800v v1.0 web interface endpoints transmit sensitive information over unencrypted HTTP due to missing application layer encryption, allowing a network adjacent attacker to intercept this traffic and compromise its confidentiality...