577 matches found
PT-2026-45916
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...
CVE-2026-40621
ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be operated without authentication...
PT-2026-40316
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitive user data...
EUVD-2026-26030
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
PT-2026-35708
An unsecured configuration interface on affected devices allows unauthenticated remote attackers to access sensitive information, including hashed credentials and access codes...
PT-2026-30457
An information disclosure vulnerability exists in AZIOT 1 Node Smart Switch 16amp- WiFi/Bluetooth Enabled Software Version: 1.1.9 due to improper access control on the UART debug interface. An attacker with physical access can connect to the UART interface and obtain sensitive information from th...
PT-2026-28477
Name of the Vulnerable Software and Affected Versions: BUFFALO Wi-Fi router products (affected versions not specified). Description: A missing authentication check for a critical function allows an attacker to forcibly reboot the product without authentication. There is no information about the number...
CVE-2026-30695
The CVE-2026-30695 entry concerns a Cross-Site Scripting (XSS) vulnerability in the web-based configuration interface of Zucchetti Axess access control devices (models XA4, X3/X3BIO, X4, X7, XIO / i-door / i-door+). The issue is caused by improper sanitization of user-supplied input in the dirBro...
PHOENIX CONTACT FL NAT Command Injection Vulnerability
PHOENIX CONTACT FL NAT is a series of industrial security gateways developed by the German company PHOENIX CONTACT. PHOENIX CONTACT FL NAT has a command injection vulnerability, which stems from command injection within the device’s Root CA certificate transmission process. This vulnerability cou...
PT-2026-24471
Name of the Vulnerable Software and Affected Versions: nerves-hub nerves hub web versions 1.0.0 through 2.3.9. Description: An improper authorization issue exists in nerves-hub nerves hub web that allows cross-organization device control through device bulk actions and the device update API. Missing...
CVE-2026-2155
A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub4208A0 of the file /goform/setdmz of the component Configuration Handler. The manipulation of the argument dmzhost/dmzenable results in os command injection. The attack can be executed remotely...
PT-2026-6615
Name of the Vulnerable Software and Affected Versions: Tanium Deploy (affected versions not specified). Description: Tanium addressed an improper input validation issue in Deploy. The issue involves insufficient validation of input, potentially allowing for unintended consequences. No information is...
EUVD-2022-55958
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced...
PT-2026-5668
An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced...
CVE-2025-14231
Buffer overflow in print job processing by WSD on Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. : Satera LBP670C Series/Satera MF750C Series firmware v06.02...
CVE-2022-31793
dorequest in request.c in muhttpd before 1.1.7 allows remote attackers to read arbitrary files by constructing a URL with a single character before a desired path on the filesystem. This occurs because the code skips over the first character when serving files. Arris NVG443, NVG599, NVG589, and...
CVE-2020-10974
An issue was discovered affecting a backup feature where a crafted POST request returns the current configuration of the device in cleartext, including the administrator password. No authentication is required. Affected devices: Wavlink WN575A3, Wavlink WN579G3, Wavlink WN531A6, Wavlink WN535G3,...
CVE-2020-10971
An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm.cgi that will result in the execution of the supplied command if there is an active session at the same time. The POST request itself is not validated to ensure it came from the active session...
CVE-2019-20732
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.40, D7000v2 before 1.0.0.74, D8500 before 1.0.3.39, DGN2200v4 before 1.0.0.102, DGND2200Bv4 before 1.0.0.102, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, EX6000 before 1.0.0.30,...
CVE-2022-31765
Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges...