294 matches found
MINI-88JR-P9X6-MRW8
Bulletin has no description...
MINI-Q3XX-G95G-856Q
Bulletin has no description...
CVE-2026-32953
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...
CVE-2026-4187
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...
MINI-GW49-J3R8-63M3
Bulletin has no description...
CVE-2026-32953 Tillitis: TKey Client has an Error in Protocol Implementation
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets USS to be silently ignored, producing the same Compound Device Identifier CDI—and thus the same key...
GHSA-4W7R-3222-8H6V Tillitis TKey Client has an Error in Protocol Implementation
Impact Some specific 1 out of 256 User Supplied Secrets USS were not used, making the resulting Compound Device Identifier CDI the same as if no USS was provided. Affected client applications: all client apps using the tkeyclient Go module. Patches Upgrade to v1.3.0. NOTE WELL: For the affected e...
EUVD-2026-12245
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...
CVE-2026-4187 Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...
CVE-2026-4187 Tiandy Easy7 Integrated Management Platform Device Identifier UpdateLocalDevInfo.jsp missing authentication
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...
CVE-2026-4187
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...
CVE-2026-4187
Tiandy Easy7 Integrated Management Platform 7.17.0 is affected by CVE-2026-4187, specifically an issue in the Device Identifier Handler’s /WebService/UpdateLocalDevInfo.jsp. The vulnerability arises from improper handling of the username/password arguments, enabling manipulation that leads to mis...
PT-2026-25561
A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Impacted is an unknown function of the file /WebService/UpdateLocalDevInfo.jsp of the component Device Identifier Handler. Such manipulation of the argument username/password leads to missing authentication. The...
MINI-W66V-G4CJ-X76W
Bulletin has no description...
CVE-2025-48611
Summary of CVE-2025-48611 : The vulnerability is in the DeviceId.java code path (DeviceId class) where a missing bounds check can cause a desync in persistence, enabling local elevation of privilege without extra execution privileges or user interaction. This is consistently described across mult...
MINI-PX3R-4F23-44C9
Bulletin has no description...
CVE-2025-58107
In Microsoft Exchange through 2019, Exchange ActiveSync EAS configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password...
CVE-2025-58107
CVE-2025-58107 affects on-premises Microsoft Exchange environments up to 2019, specifically Exchange ActiveSync (EAS) configurations. The issue is that EAS configs may transmit sensitive data from Samsung mobile devices in cleartext, including the user’s name, email address, device ID, bearer tok...
MINI-762H-55FJ-G9G4
Bulletin has no description...
CVE-2026-2944
A security flaw has been discovered in Tosei Online Store Management System ネット店舗管理システム 1.01. Affected is the function system of the file /cgi-bin/monitor.php of the component HTTP POST Request Handler. Performing a manipulation of the argument DevId results in os command injection. The attack ma...