Lucene search
K

532 matches found

NVD
NVD
added last week6 views

CVE-2026-12352

This vulnerability allows an unauthenticated actor to bypass authentication and gain access to restricted resources on the device...

5.9CVSS0.00259EPSS
Exploits0References1
CVE
CVE
added last week15 views

CVE-2026-12352

Technical details (affected products/versions, root cause, exploit conditions, or remediation) are not publicly provided in the supplied documents. Monitor for updates on CVE-2026-12352.

5.9CVSS6AI score0.00259EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/07 12:0 a.m.12 views

PT-2026-56192

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description An unauthenticated actor can bypass authentication to gain access to restricted resources on the device. Recommendations At the moment, there is no information...

5.9CVSS6.1AI score0.00259EPSS
Exploits0References5
OSV
OSV
added 2026/06/26 8:17 p.m.5 views

DEBIAN-CVE-2026-53290

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.11 views

PT-2026-52929

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the xe eu stall stream close function. The drm dev put function is called before the stream is disabled and its resources are freed. If this call drops t...

7.8CVSS5.8AI score0.00124EPSS
Exploits0References16
Debian CVE
Debian CVE
added 2026/06/25 9:51 p.m.7 views

CVE-2026-13282

Use after free in Payments in Google Chrome on Android prior to 149.0.7827.201 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: High...

6.8CVSS5.8AI score0.00115EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: - In the net subsystem, use dstdevrcu in sksetupcaps. - Use RCU to protect accesses to dst-dev from sksetupcaps and skdstgsomaxsize. - Also use dstdevrcu in ip6dstmtumaybeforward and ipdstmtumaybeforward. - ip4dsthoplimit can...

6.3AI score0.00188EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/06/24 12:0 a.m.5 views

The vulnerability of the built-in mobile security firewall Ivanti Sentry arises from the use of an alternative path or channel, which allows a intruder to elevate their privileges and gain full access to the device.

The vulnerability of the built-in mobile security firewall, Ivanti Sentry, relates to bypassing authentication using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to enhance their privileges and gain full access to the device...

9.9CVSS6.1AI score0.4719EPSS
Exploits4References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.7 views

PT-2026-51892

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A potential NULL dereference exists in the nf osf ttl function within the netfilter nfnetlink osf module. The function accessed skb-dev to perform a local interface address lookup withou...

7.5CVSS5.8AI score0.00508EPSS
Exploits0References10
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: iio: accel: mma8452: use the correct logic to get mma8452data. The original logic for getting mma8452data is incorrect. The dev points to the device belonging to iiodev. We cannot use this dev to find the correct i2cclient. The...

5.5CVSS6.1AI score0.00243EPSS
Exploits0References2
CERT
CERT
added 2026/06/17 12:0 a.m.12 views

SignalRGB kernel driver contains improper access control and IOCTL vulnerabilities

Overview The SignalRGB kernel driver, SignalIo.sys, contains two vulnerabilities involving improper access control and unsafe memory handling. The device object is created with an overly permissive Discretionary Access Control List DACL that allows user-mode processes to access privileged hardwar...

7.5CVSS5.5AI score0.00278EPSS
Exploits0
NVD
NVD
added 2026/06/12 3:16 p.m.17 views

CVE-2026-7368

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.9 views

PT-2026-52482

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficiently protected credentials stored within firmware or system files may allow an unauthenticated attacker to gain unauthorized access and expose sensitiv...

8.7CVSS7AI score0.00247EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.13 views

CVE-2026-33570

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

6.9CVSS5.4AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/03 10:38 a.m.50 views

CVE-2026-35075 Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS0.00466EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 10:38 a.m.24 views

CVE-2026-35075

CVE-2026-35075: An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, gaining full access to all affected devices. The Connected documents confirm the vulnerability allows extraction of the credential from firmware and implies full device compromise;...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/03 10:38 a.m.14 views

EUVD-2026-34071

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:38 a.m.10 views

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 5:11 p.m.13 views

CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with on-chip select control in the spi microchip-core-qspi component. This vulnerability...

5.8AI score0.00121EPSS
Exploits0References3
Rows per page
Query Builder