CVE-2026-56307

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

EUVD-2026-38124

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

YeaLink DM 3.6.0.20 - Remote Command Injection

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...

Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint

Summary A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service APNS tokens — through a...

CVE-2026-6241

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

CVE-2026-50209

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVE-2026-49185

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

PT-2026-47077

A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenticated attacker can send a crafted malicious request containing an excessive number of identifiers ...

CVE-2026-50209 MDM Server Registration Overriding

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVE-2026-50209

CVE-2026-50209 describes a vulnerability where broadcast events allow malicious software to rewrite the device’s default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. The issue is tied to the MDM registration/endpoint resolution flow a...

CVE-2026-50209 MDM Server Registration Overriding

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

EUVD-2026-34221

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVE-2026-49185

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

EUVD-2026-34199

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

CVE-2026-49185

The CVE-2026-49185 entry concerns FieldX MDM where the adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling command/instruction injection. Affected component: adb messaging topic within FieldX MDM; root cause is unverified payloads executed via Runtime.exec(). Imp...

PT-2026-46140

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the FieldX MDM adb messaging topic directly passing unvalidated payloads to Runtime.exec, potentially leading to command injection...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from a broadcast event that allows malware to overwrite the device’s default mobile device management endpoint address, potentially...

PT-2026-46161

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVE-2025-48652

In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...