8.5
CVE-2025-67733 - Valkey Affected by RESP Protocol Injection via Lua error_reply
Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same conn…
5.7
CVE-2026-2698 - Improper Access Control
An improper access control vulnerability exists where an authenticated user could access areas outside of their authorized scope.
7.1
CVE-2026-27514 - Tenda F3 Plaintext Credential Exposure in Configuration Download
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a sensitive information exposure vulnerability in the configuration download functionality. The configuration download response includes the router password and administrative password in plaintext. The endpoint also omits appro…
5.1
CVE-2026-27513 - Tenda F3 CSRF in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a cross-site request forgery (CSRF) vulnerability in the web-based administrative interface. The interface does not implement anti-CSRF protections, allowing an attacker to induce an authenticated administrator to submit state-c…
5.1
CVE-2026-27512 - Tenda F3 Reflected Script Execution via Missing nosniff Header
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a content-type confusion vulnerability in the administrative interface. Responses omit the X-Content-Type-Options: nosniff header and include attacker-influenced content that can be reflected into the response body. Under affect…
5.1
CVE-2026-27511 - Tenda F3 Clickjacking in Web Management Interface
Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an authentica…
7.6
CVE-2026-22567 - ZIA Admin UI Input Validation Bug
Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios.
5.5
CVE-2026-22568 - Unauthorized information retrieval in ZIA Admin UI
Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions.
2.1
CVE-2026-2697 - Indirect Object Reference (IDOR) in Security Center
An Indirect Object Reference (IDOR) in Security Center allows an authenticated remote attacker to escalate privileges via the 'owner' parameter.
8.7
CVE-2026-3016 - UTT HiPER 810G formP2PLimitConfig strcpy buffer overflow
A vulnerability was identified in UTT HiPER 810G up to 1.7.7-171114. The affected element is the function strcpy of the file /goform/formP2PLimitConfig. The manipulation of the argument 'except' leads to buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available…