33 matches found
CVE-2026-34123
On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...
CVE-2019-25722
Dräger SC Monitoring devices SC 6002XL, SC 6802XL, SC 7000, SC 8000, SC 9000 XL contain hard-coded plaintext credentials in source code and a denial-of-service vulnerability that allows local and remote attackers to compromise device integrity across all software versions. A local attacker with...
EUVD-2026-30135
A denial of service (DoS) vulnerability in Palo Alto Networks Prisma SD-WAN ION devices enables an unauthenticated attacker in a network adjacent to a Prisma SD-WAN ION device to cause a system disruption by sending a specially crafted IPv6 packet...
EUVD-2026-8827
Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint...
CVE-2021-22368
There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device...
CVE-2020-7007
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary code or target the device, causing it to go out of service...
CVE-2023-4419
The LMS5xx uses hard-coded credentials, which potentially allow low-skilled unauthorized remote attackers to reconfigure settings and/or disrupt the functionality of the device...
CVE-2025-65363
Authenticated append-style command injection in Ruijie APs (APRGOS 11.1.x) allows an authenticated web user to execute appended shell expressions as root, enabling file disclosure, device disruption, and potential network pivoting via the command parameter to the webaction.do endpoint...
EUVD-2021-10335
Malware in sbrugna...
EUVD-2024-43155
Malicious code in bioql PyPI...
EUVD-2022-49964
Malicious code in bioql PyPI...
EUVD-2024-33078
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2025-47188
A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones through 6.4 SP4 R6.4.0.4006, and the 6970 Conference Unit through 6.4 SP4 R6.4.0.4006 or version V1 R0.1.0, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient paramete...
CVE-2019-5291
Some Huawei products have an insufficient verification of data authenticity vulnerability. A remote, unauthenticated attacker has to intercept specific packets between two devices, modify the packets, and send the modified packets to the peer device. Due to insufficient verification of some field...
CVE-2024-9832
CVE-2024-9832 affects the Baxter Life2000 ventilator. The root issue is an unlimited number of login attempts using the Clinician Password or Serial Number Clinician Password, enabling brute-force access to the device. Once compromised, an attacker could modify device settings that may disrupt ve...
PT-2024-33308 · Unknown · Ventilator
Name of the Vulnerable Software and Affected Versions: Ventilator (affected versions not specified). Description: The issue concerns the ventilator's failure to perform proper file integrity checks when adopting firmware updates. This allows an attacker to force unauthorized changes to the device's...
CVE-2024-6207
CVE-2024-6207 affects Rockwell Automation ControlLogix/CompactLogix families (ControlLogix 5580 and 5580 Process; GuardLogix 5580; CompactLogix 5380 and Compact GuardLogix 5380 SIL 2/3; CompactLogix 5480; FactoryTalk Logix Echo). Root cause: improper input validation in CIP Message Handler, explo...
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...