2.7

CVSS3.1

CVE-2026-0925 - Tanium addressed an improper input validation vulnerability in Discover.

Tanium addressed an improper input validation vulnerability in Discover.

📅 Published: Jan. 26, 2026, 5:51 p.m. 🔄 Last Modified: March 9, 2026, 6:10 p.m.

7.1

CVSS4.0

CVE-2026-24435 - Tenda W30E V2 Permissive CORS Allows Cross-origin Data Access

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) implement an insecure Cross-Origin Resource Sharing (CORS) policy on authenticated administrative endpoints. The device sets Access-Control-Allow-Origin: * in combination with Access-Control-Allow-Credentials: true, allo…

📅 Published: Jan. 26, 2026, 5:49 p.m. 🔄 Last Modified: March 5, 2026, 1:30 a.m.

2.1

CVSS4.0

CVE-2026-24439 - Tenda W30E V2 Lacks X-Content-Type-Options Header

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable scr…

📅 Published: Jan. 26, 2026, 5:48 p.m. 🔄 Last Modified: March 5, 2026, 1:30 a.m.

4

CVSS3.1

CVE-2025-57784 - Tomahawk authentication timing attack due to usage of 'strcmp'

A Tomahawk authentication timing attack due to usage of `strcmp` has been identified in Hiawatha webserver version 11.7, which allows a local attacker to access the management client.

📅 Published: Jan. 26, 2026, 5:47 p.m. 🔄 Last Modified: Feb. 18, 2026, 2:16 p.m.

5.1

CVSS4.0

CVE-2026-24432 - Tenda W30E V2 Missing CSRF Protections for Administrative Actions

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered…

📅 Published: Jan. 26, 2026, 5:46 p.m. 🔄 Last Modified: March 5, 2026, 1:30 a.m.

6.5

CVSS3.1

CVE-2025-57785 - Double free in XSLT in 'show_index'

A double free in XSLT `show_index` has been identified in Hiawatha webserver version 11.7, which allows an unauthenticated attacker to corrupt data, which may lead to arbitrary code execution.

📅 Published: Jan. 26, 2026, 5:46 p.m. 🔄 Last Modified: Feb. 13, 2026, 3:21 p.m.

5.3

CVSS3.1

CVE-2025-57783 - Improper header parsing may lead to request smuggling

Improper header parsing that may lead to request smuggling has been identified in Hiawatha webserver version 11.7, which allows an unauthenticated attacker to access restricted resources managed by Hiawatha webserver.

📅 Published: Jan. 26, 2026, 5:45 p.m. 🔄 Last Modified: Feb. 18, 2026, 2:20 p.m.

5.1

CVSS4.0

CVE-2020-36960 - Forma LMS 2.3 - 'First & Last Name' Stored Cross-Site Scripting

Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by…

📅 Published: Jan. 26, 2026, 5:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.5

CVSS4.0

CVE-2020-36959 - IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account p…

📅 Published: Jan. 26, 2026, 5:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.5

CVSS4.0

CVE-2020-36958 - Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate pr…

📅 Published: Jan. 26, 2026, 5:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.