Lucene search
K

632 matches found

EUVD
EUVD
added 2026/03/10 9:30 p.m.5 views

EUVD-2026-10904

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References2
OSV
OSV
added 2026/03/10 9:30 p.m.6 views

EEF-CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Summary Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References3
NVD
NVD
added 2026/03/02 5:16 p.m.10 views

CVE-2025-47381

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs...

7.8CVSS0.00071EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.11 views

Gardyn 4 信任管理问题漏洞

Gardyn 4 is a home-use vertical hydroponic cultivation system developed by the American company Gardyn. Gardyn 4 has a vulnerability related to trust management. This vulnerability stems from the ability to extract management credentials through application API responses, mobile application rever...

9.3CVSS7.5AI score0.00438EPSS
Exploits2References3
OSV
OSV
added 2026/02/16 4:19 p.m.7 views

CVE-2026-2563

A vulnerability was identified in JingDong JD Cloud Box AX6600 up to 4.5.1.r4533. Affected is the function setstcreenendeabledstatus/getstatus of the file /f/service/controlDevice of the component jdcapprpc. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the...

8.8CVSS5.4AI score0.00425EPSS
Exploits0References5
Snyk
Snyk
added 2026/02/10 12:28 a.m.3 views

Missing Authorization

Overview @frangoteam/fuxa is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Missing Authorization in the scheduler endpoint. An attacker can gain unauthorized access to create, modify, or delete schedules by sending crafted...

10CVSS5.6AI score0.11393EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.4 views

CVE-2026-22225

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS6.2AI score0.02682EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/03 9:19 p.m.6 views

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

8.5CVSS6.1AI score0.02394EPSS
Exploits0References1
NVD
NVD
added 2026/02/02 6:16 p.m.8 views

CVE-2026-22226

A command injection vulnerability may be exploited after the admin's authentication in the VPN server configuration module on TP-Link Archer BE230 v1.2 and Archer AX73 v2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe...

8.5CVSS0.02394EPSS
Exploits0References6
CVE
CVE
added 2026/02/02 5:55 p.m.17 views

CVE-2026-22226

Technical details (affected component, root cause, vulnerable paths, available fixes) are not provided in the connected documents. Public material reiterates a command-injection issue in TP-Link Archer BE230 v1.2; monitor vendor advisories for updates and patches.

8.5CVSS5.9AI score0.02394EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/02/02 5:53 p.m.35 views

CVE-2026-22225 Command Injection Vulnerability on TP-Link Archer BE230 v1.2 and AXE75 v1.0

A command injection vulnerability may be exploited after the admin's authentication in the VPN Connection Service on the Archer BE230 v1.2 and Archer AXE75 v1.0. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS0.02682EPSS
Exploits0References6
EUVD
EUVD
added 2026/02/02 5:52 p.m.6 views

EUVD-2026-5085

A command injection vulnerability may be exploited after the admin's authentication in the cloud communication interface on the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise of...

8.5CVSS5.8AI score0.02597EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/02 3:20 p.m.5 views

EUVD-2025-206611

Memory Corruption while processing IOCTL call to update sensor property settings with invalid input parameters...

7.8CVSS5.3AI score0.00092EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/02/02 12:0 a.m.6 views

TP-Link Archer BE230 安全漏洞

The TP-Link Archer BE230 is a wireless router produced by TP-Link Corporation. The TP-Link Archer BE230 v1.2 1.2.4 Build 20251218 rel.70420 versions had security vulnerabilities. These vulnerabilities stemmed from command injection when importing specially crafted VPN client configurations, which...

8.6CVSS6AI score0.01887EPSS
Exploits0References8
NVD
NVD
added 2026/01/22 10:16 p.m.7 views

CVE-2026-1201

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

9.4CVSS0.00465EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/22 9:52 p.m.4 views

CVE-2026-1201

An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation...

9.4CVSS5.5AI score0.00465EPSS
Exploits0References3
ICS
ICS
added 2026/01/22 7:0 a.m.7 views

Hubitat Elevation Hubs

RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated attacker to escalate their privileges and control devices outside of their authorized scope. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of...

9.4CVSS5.7AI score0.00465EPSS
Exploits0References13
ICS
ICS
added 2026/01/22 7:0 a.m.7 views

Weintek cMT X Series HMI EasyWeb Service

RISK EVALUATION Successful exploitation of these vulnerabilities could allow a low-level user to alter privileges and gain full control to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities, such as:...

5.7AI score
Exploits0References13
RedhatCVE
RedhatCVE
added 2026/01/16 11:31 p.m.4 views

CVE-2021-47789

Yenkee Hornet Gaming Mouse driver GM312Fltr.sys contains a buffer overrun vulnerability that allows attackers to crash the system by sending oversized input. Attackers can exploit the driver by sending a 2000-byte buffer through DeviceIoControl to trigger a kernel-level system crash...

7.5CVSS7AI score0.00421EPSS
Exploits1References1
OSV
OSV
added 2026/01/15 4:16 p.m.5 views

CVE-2025-67246

A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lack of access control in the IOCTL handler. This driver exposes a device interface accessible to a normal user and handles attacker-controlled structures containing the lower 4GB of physical addresse...

7.3CVSS5.9AI score0.0014EPSS
Exploits1References2
Rows per page
Query Builder