EPSON ESC/POS 访问控制错误漏洞

EPSON ESC/POS is a protocol used by the Japanese company EPSON for controlling POS printers. EPSON ESC/POS has a vulnerability related to access control. This vulnerability stems from the lack of user authentication and command authorization mechanisms, no control over network communication sourc...

Medium: python-jwt

Issue Overview: pyjwt v2.10.1 was discovered to contain weak encryption. CVE-2025-45768 Affected Packages: python-jwt Issue Correction: Run dnf update python-jwt --releasever 2023.10.20260302 or dnf update --advisory ALAS2023-2026-1467 --releasever 2023.10.20260302 to update your system. More...

PT-2026-23481

Name of the Vulnerable Software and Affected Versions Nginx UI versions prior to 2.3.3 Description Nginx UI is a web user interface for the Nginx web server. A critical flaw exists where the '/api/backup' endpoint is accessible without authentication. When this endpoint is accessed, the server...

Linux Distros Unpatched Vulnerability : CVE-2026-3337

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing...

RustDesk 安全漏洞

RustDesk is a remote access and control software developed by RustDesk personal developers. It is primarily written in Rust and can be used to maintain computers and other devices remotely. Versions of RustDesk 1.4.5 and earlier contain security vulnerabilities. These vulnerabilities stem from th...

EUVD-2026-9413

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

EUVD-2025-208278

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2026-23601

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

CVE-2026-23601

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2026-23810 Cross-BSSID GTK Re-encryption and Traffic Injection

A vulnerability in the packet processing logic may allow an authenticated attacker to craft and transmit a malicious Wi-Fi frame that causes an Access Point AP to classify the frame as group-addressed traffic and re-encrypt it using the Group Temporal Key GTK associated with the victim's BSSID...

CVE-2026-23601

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

CVE-2026-23601 Frame Injection via Shared GTK Allows Traffic Spoofing and Client Compromise

A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of...

CVE-2025-59785

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59785 API - Insufficient Input Validation

Improper validation of API end-point in 2N Access Commander version 3.4.2 and prior allows attacker to bypass password policy for backup file encryption. This vulnerability can only be exploited after authenticating with administrator privileges...

CVE-2025-59785

CVE-2025-59785 involves improper validation of an API end-point in 2N Access Commander v3.4.2 and earlier. The vulnerability allows an attacker who has administrator privileges to bypass the password policy used for encrypting backup files. The issue is tied to insufficient input validation on th...

EUVD-2026-9377

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

CVE-2026-27441 PDF Password CMDi

SEPPmail Secure Email Gateway before version 15.0.1 insufficiently neutralizes the PDF encryption password, allowing OS command execution...

CVE-2026-27441

SEPPmail Secure Email Gateway is affected by CVE-2026-27441. In versions prior to 15.0.1, the product insufficiently neutralizes the PDF encryption password, allowing OS command execution. This is a potential network-accessible vulnerability with high impact to confidentiality, integrity, and ava...