Lucene search
+L

941 matches found

EUVD
EUVD
added 2026/04/24 12:6 a.m.9 views

EUVD-2026-25351

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...

9.8CVSS5.8AI score0.00405EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/24 12:6 a.m.34 views

CVE-2026-25775 SenseLive X3050 Missing authentication for critical function

A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded...

9.8CVSS0.00405EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.13 views

PT-2026-34800

Name of the Vulnerable Software and Affected Versions SenseLive X3050 affected versions not specified Description A flaw in the remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related...

9.8CVSS5.9AI score0.00405EPSS
Exploits0References8
NVD
NVD
added 2026/04/21 10:16 p.m.11 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 9:43 p.m.22 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and earlier are affected by a Bluetooth pairing flow that can be forced by an attacker. Once paired, the attacker can use the OTA firmware updating functionality to potentially upload malicious firmware to the motorcycle. The attack requires proximity to the ...

6.4CVSS5.7AI score0.00134EPSS
Exploits0References2
NVD
NVD
added 2026/04/20 4:16 a.m.5 views

CVE-2026-32958

SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update...

6.9CVSS0.00228EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/20 3:19 a.m.3 views

CVE-2026-32958

SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update...

6.9CVSS5.7AI score0.00228EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2026/04/20 3:19 a.m.16 views

CVE-2026-32958

Affected products: SD-330AC and AMC Manager by silex technology, Inc. The issue stems from a hard-coded cryptographic key, enabling an administrative user to be directed to apply a fake firmware update. According to the provided data, impact is high on integrity, with no confidentiality impact, a...

6.9CVSS5.7AI score0.00228EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/04/20 12:0 a.m.10 views

Silex SD-330AC和Silex AMC Manager 安全漏洞

Both the Silex SD-330AC and the Silex AMC Manager are products of the Japanese company Silex. The Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. The Silex AMC Manager is a management software used for centralized management...

6.9CVSS7.1AI score0.00228EPSS
Exploits0References1
HPE Security Bulletins
HPE Security Bulletins
added 2026/04/14 12:0 a.m.4 views

HPESBHF05036 rev.1 - Certain HPE ProLiant AMD DL/XL Servers Using Certain AMD EPYC Processors, AMD-SB-3016: IOMMU Write Buffer Vulnerability, Loss of Confidential Guest Integrity Vulnerability

Potential Security Impact: Local: Buffer Overflow SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE ProLiant DL145 Gen11 - Prior to 1.7008-07-2025 HPE ProLiant DL325 Gen11 Server - Prior to 2.7008-07-2025 HPE ProLiant DL345 Gen11 Server - Prior to 2.7008-07-2025 HPE ProLiant DL3...

5.3CVSS6.1AI score
Exploits0
Hewlett-Packard
Hewlett-Packard
added 2026/03/31 12:0 a.m.15 views

Intel Ethernet Adapters 800 Series February 2026 Security Update

Intel has informed HP of potential security vulnerabilities in the firmware for some Intel® Ethernet Adapters 800 Series Controllers and associated adapters, which might allow denial of service. Intel has released firmware updates to mitigate these potential vulnerabilities. Intel has released...

6.7CVSS6AI score0.0024EPSS
Exploits0Affected Software8
CVE
CVE
added 2026/03/16 9:26 a.m.13 views

CVE-2025-15587

CVE-2025-15587 concerns Tinycontrol devices (tcPDU, LK3.5, LK3.9, LK4) where a low-privileged user can read the administrator password by accessing a resource not exposed via the GUI. The root cause is credential exposure through direct resource access, leading to high impact on confidentiality a...

8.6CVSS5.7AI score0.00176EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:30 p.m.4 views

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/10 9:30 p.m.3 views

CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/10 9:30 p.m.6 views

EUVD-2026-10904

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/10 9:30 p.m.30 views

CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS0.0041EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24471

Name of the Vulnerable Software and Affected Versions nerves-hub nerves hub web versions 1.0.0 through 2.3.9 Description An improper authorization issue exists in nerves-hub nerves hub web that allows cross-organization device control through device bulk actions and the device update API. Missing...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/03/04 1:44 p.m.6 views

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/28 7:47 a.m.8 views

CVE-2026-1442

Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...

7.8CVSS5.9AI score0.00153EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/28 1:55 a.m.10 views

CVE-2026-25195

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route...

8CVSS6.6AI score0.01447EPSS
Exploits0References1
Rows per page
Query Builder