Lucene search
+L

536 matches found

EUVD
EUVD
added 2026/06/03 10:38 a.m.15 views

EUVD-2026-34071

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 5:11 p.m.14 views

CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS5.8AI score0.00415EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.14 views

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an issue with on-chip select control in the spi microchip-core-qspi component. This vulnerability...

5.8AI score0.00121EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/21 3:29 p.m.14 views

CVE-2026-43498

A flaw was found in the Linux kernel's accel/ivpu module. This vulnerability allows for the re-exporting of imported Graphics Execution Manager GEM buffers. When these buffers are re-exported, it leads to a loss of their original flag settings, which can result in incorrect device access and...

7.8CVSS5.8AI score0.00113EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 12:17 p.m.14 views

EUVD-2026-31272

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

5.9AI score0.00113EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/21 12:17 p.m.50 views

CVE-2026-43498 accel/ivpu: Disallow re-exporting imported GEM objects

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom primehandletofd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting...

7.8CVSS0.00113EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/13 12:0 a.m.10 views

CVE-2026-36738

U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...

5.8AI score0.00299EPSS
Exploits1References2
CVE
CVE
added 2026/05/13 12:0 a.m.17 views

CVE-2026-36738

CVE-2026-36738 affects the U-SPEED AC1200 Gigabit Wi‑Fi Router (Model: T18-21K, V1.0). The UART interface is exposed with no authentication/authorization, allowing a physically present attacker to access device functionality unrestrictedly. Documents do not specify affected firmware versions, exp...

6.8CVSS5.8AI score0.00299EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/11 4:2 p.m.66 views

CVE-2026-33357 Meari OpenAPI device status IDOR

In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...

7.5CVSS0.00241EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 4:2 p.m.37 views

CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS0.00274EPSS
Exploits0References2
Fedora
Fedora
added 2026/05/10 3:23 a.m.39 views

[SECURITY] Fedora 42 Update: nextcloud-33.0.3-1.fc42

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

9.9CVSS6.5AI score0.02474EPSS
Exploits15
Debian CVE
Debian CVE
added 2026/05/06 11:27 a.m.8 views

CVE-2026-43130

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode Commit 4fc82cd907ac "iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected" relies on pcidevisdisconnected to skip ATS...

5.5CVSS5.7AI score0.00123EPSS
Exploits0
EUVD
EUVD
added 2026/04/24 2:45 p.m.5 views

EUVD-2026-25560

In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reproducibly when using a force-feedback gamepad with uinput for example, playing ELDEN RING under Wine...

5.6AI score0.00096EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/04/24 2:42 p.m.47 views

CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open()

In the Linux kernel, the following vulnerability has been resolved: media: em28xx: fix use-after-free in em28xxv4l2open em28xxv4l2open reads dev-v4l2 without holding dev-lock, creating a race with em28xxv4l2init's error path and em28xxv4l2fini, both of which free the em28xxv4l2 struct and set...

0.00128EPSS
Exploits0References9
EUVD
EUVD
added 2026/04/23 6:33 p.m.18 views

EUVD-2026-25275

OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows limited-scope sessions to enumerate and act on pairing requests. Attackers with paired-device access can approve or operate on unrelated pending device requests within the sa...

5.4CVSS5.8AI score0.00171EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/28 11:10 p.m.4 views

CVE-2026-34391

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 8:16 p.m.6 views

CVE-2026-34391

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS0.00161EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 7:19 p.m.3 views

CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure

Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...

8.7CVSS5.9AI score0.00161EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/27 12:31 a.m.4 views

EUVD-2026-16452

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/26 3:16 p.m.9 views

CVE-2026-28856

The issue was addressed with improved authentication. This issue is fixed in iOS 26.4 and iPadOS 26.4, visionOS 26.4, watchOS 26.4. An attacker with physical access to a locked device may be able to view sensitive user information...

4.6CVSS5.8AI score0.00277EPSS
Exploits0References1
Rows per page
Query Builder