645 matches found
CVE-2026-50084
CVE-2026-50084 concerns the Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api), where any valid developer token could access any account due to missing authorization (CWE-862). The CVSSv3.1 base score is 9.6 (CRITICAL): Network-based, Low attack complexity, Privileges Required: Low, Use...
vulnerability-research
Vulnerability Research & Responsible Disclosure Shivam Paji...
ZTE ZXHN-F660T/F660A - Default Credentials
ZXHN-F660T and ZXHN-F660A provided by ZTE Japan K.K. use a common credential for all installations. With the knowledge of the credential, an attacker may log in to the affected devices. id: CVE-2025-53558 info: name: ZTE ZXHN-F660T/F660A - Default Credentials author: DhiyaneshDK severity: high...
CVE-2026-28551
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability...
EUVD-2026-9814
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-28551
Technical details about CVE-2026-28551 are not publicly available in the provided documents. No affected products, components, root cause, exploit information, or fixes are disclosed. Monitor for updates.
PT-2026-23433
Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2026-27753 SODOLA SL902-SWTGW124AS <= 200.1.20 Improper Login Rate Limiting
SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain an authentication bypass vulnerability that allows remote attackers to perform unlimited login attempts against the management interface. Attackers can conduct online password guessing attacks without account lockout or rate...
CVE-2023-43885
Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device...
CVE-2023-43199
D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function...
CVE-2023-31700
TP-Link TL-WPA4530 KIT V2 EU170406 and V2 EU161115 is vulnerable to Command Injection via httpRpmPlcDeviceAdd...
CVE-2025-23384
A vulnerability has been identified in RUGGEDCOM RM1224 LTE4G EU 6GK6108-4AM00-2BA2 All versions V8.2.1, RUGGEDCOM RM1224 LTE4G NAM 6GK6108-4AM00-2DA2 All versions V8.2.1, SCALANCE M804PB 6GK5804-0AP00-2AA2 All versions V8.2.1, SCALANCE M812-1 ADSL-Router family All versions V8.2.1, SCALANCE M816...
CVE-2022-23467
OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the razer_attr_read_dpi_stages, potentially bypassing KASLR. To exploit this vulnerability an attacker would...
CVE-2021-41096
Rucky is a USB HID Rubber Ducky Launch Pad for Android. Versions 2.2 and earlier for release builds and versions 425 and earlier for nightly builds suffer from use of a weak cryptographic algorithm RSA/ECB/PKCS1Padding. The issue will be patched in v2.3 for release builds and 426 onwards for...
CVE-1999-0508
An account on a router, firewall, or other network device has a default, null, blank, or missing password...
CVE-2025-64699
CVE-2025-64699 affects SevenCs ORCA G2 2.0.1.35 (EC2007 Kernel v5.22). The regService process, running with SYSTEM privileges, applies a Security Descriptor to a device object that has no explicitly configured DACL. This can allow an attacker to perform unauthorized raw disk operations, potential...