Tecno\/h622\/tecno-id5b\ CVEs and Security Vulnerabilities

Export limit exceeded: 344400 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Expected end of text, found ':' (at char 31), (line:1, col:32)

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (344400 CVEs found)

Export CSV

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-5877	1 Google	1 Chrome	2026-04-13	8.8 High
Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-4116	1 Sonicwall	1 Sma1000	2026-04-13	7.2 High
Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication.
CVE-2026-4113	1 Sonicwall	1 Sma1000	2026-04-13	7.2 High
An observable response discrepancy vulnerability in the SonicWall SMA1000 series appliances allows a remote attacker to enumerate SSL VPN user credentials.
CVE-2026-40044	1 Pachno	1 Pachno	2026-04-13	9.8 Critical
Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write PHP object payloads to world-writable cache files with predictable names in the cache directory, which are unserialized during framework bootstrap before authentication checks occur.
CVE-2026-40042	1 Pachno	1 Pachno	2026-04-13	9.8 Critical
Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers can inject malicious XML entities through wiki table syntax and inline tags in issue descriptions, comments, and wiki articles to trigger entity resolution via simplexml_load_string() without LIBXML_NONET restrictions.
CVE-2026-40041	1 Pachno	1 Pachno	2026-04-13	4.3 Medium
Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-changing endpoints. Attackers can craft malicious requests targeting login, registration, file upload, milestone editing, and administrative functions to force logout, create accounts, modify roles, inject comments, or upload files when authenticated users visit attacker-controlled websites.
CVE-2026-39713	2 Mailercloud, Wordpress	2 Mailercloud – Integrate Webforms And Synchronize Website Contacts, Wordpress	2026-04-13	5.3 Medium
Missing Authorization vulnerability in mailercloud Mailercloud – Integrate webforms and synchronize website contacts mailercloud-integrate-webforms-synchronize-contacts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mailercloud – Integrate webforms and synchronize website contacts: from n/a through <= 1.0.7.
CVE-2026-40039	1 Pachno	1 Pachno	2026-04-13	6.5 Medium
Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious login URLs with unvalidated return_to values to conduct phishing attacks and steal user credentials.
CVE-2026-40038	1 Pachno	1 Pachno	2026-04-13	7.2 High
Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, comment_body, article_content, description, and message parameters across multiple controllers, which are stored in the database and executed in users' browser sessions due to improper sanitization via Request::getRawParameter() or Request::getParameter() calls.
CVE-2026-39865	1 Axios	1 Axios	2026-04-13	5.9 Medium
Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability exists in the Http2Sessions.getSession() method in lib/adapters/http.js. The session cleanup logic contains a control flow error when removing sessions from the sessions array. This vulnerability is fixed in 1.13.2.
CVE-2026-39715	2 Anytrack, Wordpress	2 Anytrack Affiliate Link Manager, Wordpress	2026-04-13	5.3 Medium
Missing Authorization vulnerability in AnyTrack AnyTrack Affiliate Link Manager anytrack-affiliate-link-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AnyTrack Affiliate Link Manager: from n/a through <= 1.5.5.
CVE-2026-39711	2 Stmcan, Wordpress	2 Rt-theme 18 \| Extensions, Wordpress	2026-04-13	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in stmcan RT-Theme 18 \| Extensions rt18-extensions allows Retrieve Embedded Sensitive Data.This issue affects RT-Theme 18 \| Extensions: from n/a through <= 2.5.
CVE-2026-39709	2 Thetechtribe, Wordpress	2 The Tribal, Wordpress	2026-04-13	5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in thetechtribe The Tribal the-tech-tribe allows Retrieve Embedded Sensitive Data.This issue affects The Tribal: from n/a through <= 1.3.4.
CVE-2026-39660	2 Automattic, Wordpress	2 Wp Job Manager, Wordpress	2026-04-13	5.3 Medium
Missing Authorization vulnerability in Automattic WP Job Manager wp-job-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Manager: from n/a through <= 2.4.1.
CVE-2026-39653	2 Imdpen, Wordpress	2 Video Conferencing With Zoom, Wordpress	2026-04-13	4.3 Medium
Missing Authorization vulnerability in Deepen Bajracharya Video Conferencing with Zoom video-conferencing-with-zoom-api allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Conferencing with Zoom: from n/a through <= 4.6.6.
CVE-2026-39651	2 Totalsuite, Wordpress	2 Total Poll Lite, Wordpress	2026-04-13	6.3 Medium
Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through <= 4.12.0.
CVE-2026-39614	2 Ilghera, Wordpress	2 Jw Player For Wordpress, Wordpress	2026-04-13	5.4 Medium
Missing Authorization vulnerability in ilGhera JW Player for WordPress jw-player-7-for-wp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JW Player for WordPress: from n/a through <= 2.3.6.
CVE-2026-39509	2 Wordpress, Wpwax	2 Wordpress, Directorist	2026-04-13	5.3 Medium
Missing Authorization vulnerability in wpWax Directorist directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through <= 8.5.10.
CVE-2026-39506	2 Jordy Meow, Wordpress	2 Ai-engine, Wordpress	2026-04-13	4.3 Medium
Missing Authorization vulnerability in Jordy Meow AI Engine (Pro) ai-engine-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Engine (Pro): from n/a through < 3.4.2.
CVE-2026-39504	2 Instawp, Wordpress	2 Instawp Connect, Wordpress	2026-04-13	5.4 Medium
Missing Authorization vulnerability in InstaWP InstaWP Connect instawp-connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects InstaWP Connect: from n/a through <= 0.1.2.5.

« first previous Page 31 of 17220. next last »