8.2
CVE-2026-24430 - Tenda W30E V2 HTTP Responses Expose Plaintext Credentials
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) disclose sensitive account credentials in cleartext within HTTP responses generated by the maintenance interface. Because the management interface is accessible over unencrypted HTTP by default, credentials may be exposeβ¦
9.3
CVE-2026-24429 - Tenda W30E V2 Hardcoded Default Password for Built-in Account
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) ship with a predefined default password for a built-in authentication account that is not required to be changed during initial configuration. An attacker can leverage these default credentials to gain authenticated acceβ¦
8.7
CVE-2026-24440 - Tenda W30E V2 Allows Password Changes Without Verifying Current Password
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained.
4.9
CVE-2026-1224 - Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
Tanium addressed an uncontrolled resource consumption vulnerability in Discover.
5
CVE-2026-1446 - XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier
There is a CrossβSite Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop application, and exploitation is limited to local users interacting with the application; no privileged role or elevated permissions are required beyond standard local user access. A lβ¦
7.8
CVE-2026-21509 - Microsoft Office Security Feature Bypass Vulnerability
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.
8.5
CVE-2020-36952 - IObit Uninstaller 10 Pro - Unquoted Service Path
IObit Uninstaller 10 Pro contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path in the IObit Uninstaller Service to insert malicious code that would execute with SYSTEM-leveβ¦
7.8
CVE-2026-1284 - Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawingsβ¦
An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
7.8
CVE-2026-1283 - Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDβ¦
A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file.
9.9
CVE-2016-15057 - Apache Continuum: Command injection leading to RCE
** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Continuum. This issue affects Apache Continuum: all versions. Attackers with access to the installations REST API can use this to invoke arbitrary commands oβ¦