PT-2026-23882

Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221 Description A flaw exists in the TokenBalanceContentProvider function within the org.ethereumphone.walletmanager.testing123 component. A manipulation of this function can lead to improper...

PT-2026-23885

Name of the Vulnerable Software and Affected Versions Freedom Factory dGEN1 versions up to 20260221 Description A flaw exists in Freedom Factory dGEN1 that allows for improper authorization. The issue is located within the FakeAppReceiver function of the org.ethosmobile.ethoslauncher component...

Freedom Factory dGEN1 授权问题漏洞

The Freedom Factory dGEN1 is a Ethereum mobile device produced by the Freedom Factory company. Versions of Freedom Factory dGEN1 dated back to 20260221 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from incorrect operations on the FakeAppProvider function...

📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control And Lockout

Summary The Honeywell IQ4 Trend IQ4 is a line of intelligent building-management controllers designed to provide advanced unitary control, HVAC integration, and scalable I/O expansion for commercial environments. These controllers use Ethernet and TCP/IP networking with embedded XML, support BACn...

SUSE CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

CVE-2026-1229 vulnerabilities

Vulnerabilities for packages: trivy, reports-server, datadog-agent, nuclei, cert-manager-cmctl, crossplane-provider-azure-managedidentity, terragrunt, livekit-cli, atlantis, gitlab-runner, crossplane-provider-aws-cloudwatchlogs-fips, scorecard, crossplane-provider-aws-route53-fips,...

CVE-2026-27830

c3p0, a JDBC Connection pooling library, is vulnerable to attack via maliciously crafted Java-serialized objects and javax.naming.Reference instances. Several c3p0 ConnectionPoolDataSource implementations have a property called userOverridesAsString which conceptually represents a Map. Prior to...

Lifecycle-Integrated Security for AI-Cloud Convergence in Cyber-Physical Infrastructure

The convergence of Artificial Intelligence AI inference pipelines with cloud infrastructure creates a dual attack surface where cloud security standards and AI governance frameworks intersect without unified enforcement mechanisms. AI governance, cloud security, and industrial control system...

XML External Entity (XXE)

org.assertj, assertj-core is vulnerable to XML External Entity XXE. The vulnerability is due to the DocumentBuilderFactory in org.assertj.core.util.xml.XmlStringPrettyFormatter.toXmlDocumentString being initialized with default settings without disabling DTDs or external entities, which allows an...

CVE-2026-1633

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

Synectix LAN 232 TRIO 访问控制错误漏洞

The Synectix LAN 232 TRIO is a serial-to-network converter developed by the British company Synectix. The Synectix LAN 232 TRIO has a access control vulnerability, which stems from the lack of authentication required for the web management interface. This vulnerability could allow unverified user...

CVE-2026-1633 Synectix LAN 232 TRIO Missing Authentication for Critical Function

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVE-2026-1633 Synectix LAN 232 TRIO Missing Authentication for Critical Function

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1207 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1207 Source advisory: SNYK:PYTHON-DJANGO-15183335...

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1312 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1312 Source advisory: SNYK:PYTHON-DJANGO-15198931...

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1285 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1285 Source advisory: OSV:GHSA-4RRR-2H4V-F3J9...

arches (=8.0.0a1), django-accounts-api (=1.2.5) +24 more potentially affected by CVE-2026-1312 via django (>=6.0.0 <=6.0.1)

django PYPI version =6.0.0, =1.1.0, =0.1.0, =0.1.0b2, =0.1.0, =6.0.0, =0.20.4, =0.22.1 and more Source cves: CVE-2026-1312 Source advisory: OSV:PYSEC-2026-47...

Synectix LAN 232 TRIO

RISK EVALUATION Successful exploitation of this vulnerability could result in an unauthenticated attacker modifying critical device settings or factory resetting the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

PT-2026-6051

Name of the Vulnerable Software and Affected Versions Synectix LAN 232 TRIO versions affected versions not specified Description The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter’s web management interface is accessible without authentication. This allows unauthenticated users to modify...