Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
Showing 10,841 - 10,860 of 14,108 CVEs
CVE-2026-3274 HIGH - 8.8

A security flaw has been discovered in Tenda F453 1.0.0.3. Affected by this issue is the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page results in buffer overflow. The attack is possible to be carried out remotely. The exploit...

Vendor: tenda
Product: f453_firmware
Published: Feb 27, 2026
Source: NVD
CVE-2026-3037 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by modifying malicious input injected into the MBird SMS service URL and/or code via the utility route which is later processed dur...

Vendor: copeland
Product: xweb_300d_pro_firmware
Published: Feb 27, 2026
Source: NVD
CVE-2026-25721 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the server username and/or password fields of the restore action in the API V1 route.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-25196 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the Wi-Fi SSID and/or password fields can lead to remote code execution when the configuration is...

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-25105 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into parameters of the Modbus command tool in the debug route.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-25037 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by configuring a maliciously crafted LCD state which is later processed during system setup, enabling remote code execution.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-24452 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted template file to the devices route.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-23702 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by sending malicious input injected into the server username field of the import preconfiguration action in the API V1 route.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-20764 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by providing malicious input via the device hostname configuration which is later processed during system setup, resulting in remot...

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-3273 HIGH - 8.8

A vulnerability was identified in Tenda F453 1.0.0.3. Affected by this vulnerability is the function formWrlsafeset of the file /goform/AdvSetWrlsafeset of the component httpd. Such manipulation of the argument mit_ssid_index leads to buffer overflow. The attack can be executed remotely. The exploit...

Vendor: tenda
Product: f453_firmware
Published: Feb 27, 2026
Source: NVD
CVE-2026-27647 HIGH - 7.3

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent conn...

Vendor: Mobility46
Product: mobility46.se
Published: Feb 27, 2026
Source: NVD
CVE-2026-26305 HIGH - 7.5

The WebSocket Application Programming Interface lacks restrictions on the number of authentication requests. This absence of rate limiting may allow an attacker to conduct denial-of-service attacks by suppressing or mis-routing legitimate charger telemetry, or conduct brute-force attacks to gain...

Vendor: Mobility46
Product: mobility46.se
Published: Feb 27, 2026
Source: NVD
CVE-2026-26290 HIGH - 7.3

The WebSocket backend uses charging station identifiers to uniquely associate sessions but allows multiple endpoints to connect using the same session identifier. This implementation results in predictable session identifiers and enables session hijacking or shadowing, where the most recent conn...

Vendor: EV Energy
Product: ev.energy
Published: Feb 27, 2026
Source: NVD
CVE-2026-25195 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-25111 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the restore route.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-25109 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field when accessing the get setup route, leading to remote code execution.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-25085 HIGH - 8.6

A vulnerability exists in Copeland XWEB Pro version 1.12.1 and prior, in which an unexpected return value from the authentication routine is later on processed as a legitimate value, resulting in an authentication bypass.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-24695 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into OpenSSL argument fields within requests sent to the utility route, leading to remote code exe...

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-24689 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update apply action.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD
CVE-2026-24517 HIGH - 8.0

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into requests sent to the firmware update route.

Vendor: Copeland
Product: Copeland XWEB 300D PRO, Copeland XWEB 500D PRO, Copeland XWEB 500B PRO
Published: Feb 27, 2026
Source: NVD