344 matches found

RedhatCVE
added last week | 6 views

CVE-2026-50226

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

6.9 CVSS | 5.6 AI score | 0.00041 EPSS
Exploits: 0 | References: 1

RedhatCVE
added last week | 6 views

CVE-2026-49200

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10 CVSS | 5.5 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

RedhatCVE
added last week | 5 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 5.5 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

RedhatCVE
added last week | 6 views

CVE-2026-9789

A Local Privilege Escalation (LPE) vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List (ACL). This allows any authenticated local user to connect and send...

8.5 CVSS | 5.6 AI score | 0.00022 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/06/04 9:34 a.m. | 38 views

CVE-2026-50226 Firmware Theft & IMEI Spoofing via Connect-OTA

Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...

6.9 CVSS | 0.00041 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2026/05/30 10:1 a.m. | 73 views

Exploit for CVE-2026-9789

CVE ID: CVE-2026-9789 Researcher: Vo Duc Thang ugvxb...

8.5 CVSS | 6 AI score | 0.00022 EPSS
Exploits: 1

GithubExploit
added 2026/05/30 8:38 a.m. | 73 views

Exploit for CVE-2026-9490

CVE ID: CVE-2026-9490 Researcher: Vo Duc Thang ugvxb...

6.8 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 1

NVD
added 2026/05/29 9:16 a.m. | 14 views

CVE-2026-49200

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10 CVSS | 0.00063 EPSS
Exploits: 0 | References: 1

NVD
added 2026/05/29 9:16 a.m. | 12 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 0.00058 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/29 8:57 a.m. | 27 views

CVE-2026-49201

The CVE-2026-49201 entry concerns Acer Wave 7 routers (upload.cgi handling device backups) with a hardcoded AES encryption key. The underlying issue is a fixed cryptographic key embedded in the backup processing binary, enabling an attacker to decrypt, modify, and re-encrypt backups, which can fa...

10 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2026/05/29 8:57 a.m. | 7 views

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10 CVSS | 5.8 AI score | 0.00033 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/05/29 8:57 a.m. | 35 views

CVE-2026-49201 Acer Wave 7 router: Hardcoded Cryptographic Key

The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify, and re-encrypt system backups, facilitating persistent backdoor injection...

10 CVSS | 0.00033 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/29 8:51 a.m. | 14 views

CVE-2026-49200

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/29 8:51 a.m. | 9 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

EUVD
added 2026/05/29 8:51 a.m. | 10 views

EUVD-2026-33270

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/05/29 8:51 a.m. | 36 views

CVE-2026-49200 Acer Wave 7 router: Broken Access Control

The acercgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credentials for web and Telnet, leading to unauthorized system access...

10 CVSS | 0.00063 EPSS
Exploits: 0 | References: 1

CVE
added 2026/05/29 8:51 a.m. | 25 views

CVE-2026-49200

The CVE-2026-49200 entry affects Acer Wave 7 router firmware. The root issue is that the acer_cgi.log file is accessible without authentication via the web interface, and this log contains cleartext credentials for web and Telnet. This exposure can lead to unauthorized system access and high impa...

10 CVSS | 5.8 AI score | 0.00063 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/05/29 8:24 a.m. | 8 views

EUVD-2026-33264

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/05/29 8:24 a.m. | 32 views

CVE-2026-49197 Predator Connect W6x: Improper Authentication

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 0.00058 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/29 8:24 a.m. | 12 views

CVE-2026-49197

Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fails...

10 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits: 0 | References: 2