Lucene search
K
RedhatcveRecent

206304 matches found

RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•8 views

CVE-2026-5068

A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation via chanops.allocbuf and the chosen RX pool has a userdatasize smaller than 2 bytes, the segmentation counter stored in t...

7.6CVSS5.5AI score0.00166EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•11 views

CVE-2026-8365

The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksymeta' REST API field and the V200 database migration in versions up to and including 2.1.35. This is due to insufficient input sanitization in the blocksysanitizepostmetaoptions...

8.8CVSS5.8AI score0.00849EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•8 views

CVE-2026-10738

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier '...' Syntax in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•8 views

CVE-2026-41539

A cross-site scripting XSS vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QTS...

8.7CVSS5.2AI score0.00193EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•9 views

CVE-2026-11572

Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exec method by cloneWithGit and fetchRefs functions. An attacker can execute arbitrary operating syst...

8.8CVSS5.9AI score0.01057EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•8 views

CVE-2026-44083

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

9.8CVSS5.5AI score0.0046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•10 views

CVE-2026-10553

The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFootnotesoptionssubpanel function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS5.5AI score0.00145EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•8 views

CVE-2025-62858

A buffer overflow vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following versions:...

6.5CVSS5.8AI score0.00445EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•9 views

CVE-2026-10024

The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.7AI score0.00228EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•9 views

CVE-2026-11616

The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajaxayiaction handler only applying striptagsescsql — with no allow-list — to the attacker-controlled $POST'type' and $POST'postid' values...

8.8CVSS5.5AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 8:59 a.m.•8 views

CVE-2026-42253

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. The MessageServlet in the ActiveMQ web console API copies every JMS message property into an HTTP response header without any validation. This can allow...

6.1CVSS5.4AI score0.01107EPSS
Exploits1References1
RedhatCVE
RedhatCVE
•added 2026/06/10 5:57 a.m.•13 views

CVE-2026-46718

A flaw was found in Apache Calcite when processing specially crafted queries. An authenticated user could trigger unintended application behavior through affected query-processing functionality. Exploitation requires access to the vulnerable feature and is limited to the application's operating...

6.5CVSS5.3AI score0.00436EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2026/06/10 5:3 a.m.•13 views

CVE-2026-11837

A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...

7.3CVSS5.6AI score0.00127EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•11 views

CVE-2026-39170

SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcmsuser.php...

6.3CVSS5.5AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•12 views

CVE-2026-36822

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36817

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•12 views

CVE-2026-36820

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•12 views

CVE-2026-36821

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•13 views

CVE-2026-39169

SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMScopy.php...

7.5CVSS5.4AI score0.00232EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36811

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36816

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36823

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•12 views

CVE-2026-36810

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36808

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•11 views

CVE-2026-36803

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the qossetting function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•11 views

CVE-2026-36818

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36809

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•13 views

CVE-2026-36802

Shenzhen Tenda Technology Co., Ltd Tenda PW201A v1.0.5 was discovered to contain a buffer overflow in the page parameter of the SafeMacFilter function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36806

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formModifyWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-38615

DedeCMS V5.7.118 is vulnerable to Command Execution in filemanagecontrol.php...

9.8CVSS5.5AI score0.00816EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36801

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindRule parameter of the formIPMacBindAdd function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•8 views

CVE-2026-36819

Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36799

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36807

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36800

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•11 views

CVE-2026-36815

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•8 views

CVE-2026-36794

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain multiple stack overflows in the R7WebsSecurityHandler function via the username and password parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36796

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36813

Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.9AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36797

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•10 views

CVE-2026-36798

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

6.5CVSS5.5AI score0.00301EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36805

Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.7AI score0.00309EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36784

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service DoS via a HTTP request...

7.5CVSS5.5AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•12 views

CVE-2026-36793

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain multiple stack overflows in the formwrlSSIDset function via the mitssid and misssidindex parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•8 views

CVE-2026-36792

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formWifiRadioSet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36777

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the param1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

6.5CVSS5.5AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 3:0 a.m.•9 views

CVE-2026-36783

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 2:59 a.m.•10 views

CVE-2026-36771

Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS5.5AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 2:59 a.m.•9 views

CVE-2026-36779

Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.54180 was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, s2, s100, and puVar3 parameters. These vulnerabilities allow attackers to cause a Denial of Service DoS via a crafted...

7.5CVSS5.5AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
•added 2026/06/10 2:59 a.m.•9 views

CVE-2026-36727

An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...

9.1CVSS5.5AI score0.00364EPSS
Exploits0References1
Total number of security vulnerabilities206304