691 matches found
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-20115
A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...
EUVD-2026-12794
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...
CVE-2026-22323
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by luring them to a malicious webpage. This can silently alter the device’s configuration without the...
CVE-2026-29521 Hereta ETH-IMC408M CSRF via Configuration Setup
Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using...
CVE-2026-4216
A weakness has been identified in i-SENS SmartLog App up to 2.6.8 on Android. This affects an unknown function of the component air.SmartLog.android. This manipulation causes hard-coded credentials. The attack can only be executed locally. The exploit has been made available to the public and cou...
EUVD-2026-11101
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-27842
CVE-2026-27842 affects Micro Research MR-GM5L-S1 and MR-GM5A-L1. The issue is an authentication bypass (CWE-288 per JVNDB) that could let an attacker bypass authentication and change device configuration. Severity is reflected as CRITICAL in multiple sources, with CVSSv3.0/4.0 scores indicating n...
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
EUVD-2026-11102
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration...
PT-2026-24580
Name of the Vulnerable Software and Affected Versions MR-GM5L-S1 MR-GM5A-L1 Description An authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypass authentication and change the device configuration. Recommendations At the moment, there is no...
CVE-2026-25071 XikeStor SKS8310-8X switch_config.src Missing Authentication
XikeStor SKS8310-8X Network Switch firmware versions 1.04.B07 and prior contain a missing authentication vulnerability in the /switchconfig.src endpoint that allows unauthenticated remote attackers to download device configuration files. Attackers can access this endpoint without credentials to...
CVE-2026-27849
Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...
CVE-2026-2832 Certain Samsung MultiXpress Multifunction Printers Firmware – Potential Information Disclosure
Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization...
CVE-2026-2832
The advisory concerns Samsung MultiXpress Multifunction Printers. The vulnerability is an information disclosure through certain APIs that may allow access to address book entries and other device configuration without proper authorization. Affected component: firmware on Samsung MultiXpress devi...
PT-2026-21280
Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization...
Certain Samsung MultiXpress Multifunction Printers Firmware – Potential Information Disclosure
Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization. Update your printer firmware...
Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os
PAN-OS Stored XSS — Incomplete Sanitization of a Known-Bad Var...