CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...

CVE-2026-26341

CVE-2026-26341 affects Tattile Smart+, Vega, and Basic device families with firmware ≤ 1.181.5. The root cause is default credentials that are not forced to be changed during installation, enabling an attacker who can reach the management interface to authenticate and gain administrative access t...

CVE-2026-26340 Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...

CVE-2026-26340 Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...

CVE-2026-26340

The CVE-2026-26340 entry affects Tattile Smart+, Vega, and Basic device families on firmware versions 1.181.5 and earlier, where RTSP streams are exposed without authentication. The underlying issue is unauthenticated access to live video/audio streams, enabling unauthorized surveillance data dis...

Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

PT-2026-21790

Name of the Vulnerable Software and Affected Versions Tattile Smart+, Vega, and Basic device families versions prior to 1.181.5 Description The authentication token X-User-Token in affected devices has an insufficient expiration time. An attacker obtaining a valid token through methods like...

PT-2026-21789

Name of the Vulnerable Software and Affected Versions Tattile Smart+, Vega, and Basic device families versions 1.181.5 and prior Description The device families ship with default credentials that are not required to be changed during setup. An attacker reaching the management interface can use...

Tattile Smart+ 代码问题漏洞

Tattile Smart+ is a smart license plate recognition camera developed by the Italian company Tattile. There are code-related vulnerabilities in Tattile Smart+, Vega, and Basic 1.181.5 and earlier versions. These vulnerabilities stem from an inadequate mechanism for handling expired authentication...

Malicious code in scraper-npm (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5705e85e8288aeffbfe964329624dcbb5b2e30cebb0023da5b605ee5fb0aef4e During import, the package exfiltrates files especially .env and JSON and eventually configures a backdoor by adding its own SSH key to the authorizedkeys. ---...

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

PT-2026-21918

Name of the Vulnerable Software and Affected Versions basic-ftp versions prior to 5.2.0 Description The basic-ftp FTP client library for Node.js contains a path traversal vulnerability CWE-22 in the downloadToDir method. A malicious FTP server can send directory listings with filenames containing...

SUSE CVE-2025-15581

Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access...

CVE-2026-24455

The embedded web interface of the device does not support HTTPS/TLS for authentication and uses HTTP Basic Authentication. Traffic is encoded but not encrypted, exposing user credentials to passive interception by attackers on the same network...

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

CVE-2026-27480

Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...

CVE-2026-27480

CVE-2026-27480 affects Static Web Server (SWS) versions 2.1.0 through 2.40.1. The vulnerability is a timing-based username enumeration in Basic Authentication: the server checks whether a username exists before validating the password, causing valid usernames to take a slower path (e.g., bcrypt h...