941 matches found
EUVD-2026-25351
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...
PT-2026-34800
Name of the Vulnerable Software and Affected Versions SenseLive X3050 affected versions not specified Description A flaw in the remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related...
CVE-2026-1354
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...
CVE-2026-1354
Zero Motorcycles firmware versions 44 and earlier are affected by a Bluetooth pairing flow that can be forced by an attacker. Once paired, the attacker can use the OTA firmware updating functionality to potentially upload malicious firmware to the motorcycle. The attack requires proximity to the ...
CVE-2026-32958
SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update...
CVE-2026-32958
SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update...
CVE-2026-32958
Affected products: SD-330AC and AMC Manager by silex technology, Inc. The issue stems from a hard-coded cryptographic key, enabling an administrative user to be directed to apply a fake firmware update. According to the provided data, impact is high on integrity, with no confidentiality impact, a...
Silex SD-330AC和Silex AMC Manager 安全漏洞
Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...
HPESBHF05036 rev.1 - Certain HPE ProLiant AMD DL/XL Servers Using Certain AMD EPYC Processors, AMD-SB-3016: IOMMU Write Buffer Vulnerability, Loss of Confidential Guest Integrity Vulnerability
Potential Security Impact: Local: Buffer Overflow SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE ProLiant DL145 Gen11 - Prior to 1.7008-07-2025 HPE ProLiant DL325 Gen11 Server - Prior to 2.7008-07-2025 HPE ProLiant DL345 Gen11 Server - Prior to 2.7008-07-2025 HPE ProLiant DL3...
Intel Ethernet Adapters 800 Series February 2026 Security Update
Intel has informed HP of potential security vulnerabilities in the firmware for some Intel® Ethernet Adapters 800 Series Controllers and associated adapters, which might allow denial of service. Intel has released firmware updates to mitigate these potential vulnerabilities. Intel has released...
CVE-2025-15587
CVE-2025-15587 concerns Tinycontrol devices (tcPDU, LK3.5, LK3.9, LK4) where a low-privileged user can read the administrator password by accessing a resource not exposed via the GUI. The root cause is credential exposure through direct resource access, leading to high impact on confidentiality a...
CVE-2026-28806
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
EUVD-2026-10904
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
PT-2026-24471
Name of the Vulnerable Software and Affected Versions nerves-hub nerves hub web versions 1.0.0 through 2.3.9 Description An improper authorization issue exists in nerves-hub nerves hub web that allows cross-organization device control through device bulk actions and the device update API. Missing...
CVE-2026-3344
A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...
CVE-2026-1442
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...
CVE-2026-25195
An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route...