55268 matches found
CVE-2026-37271
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...
CVE-2026-37270
Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware...
DrayTek Vigor - Command Injection
DrayTek Gateway devices Vigor2960, Vigor300B, etc. are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. id: CVE-2024-12987 info: name: DrayTek Vigor - Command...
D-Link DNS-320 - Remote Code Execution
The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...
D-Link DAR-8000-10 - Command Injection
D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command injection. id: CVE-2023-4542 info: name: D-Link DAR-8000-10 - Command Injection author:...
CVE-2026-10659
The CVE concerns Zephyr’s Dhara FTL disk driver (drivers/disk/ftl_dhara.c). On flash read errors, the driver previously wrote error codes unconditionally to a caller-supplied err pointer, and the journal-resume path forwarded NULL into dhara_nand_read(), causing a NULL dereference during disk ini...
CVE-2026-13199
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
CVE-2026-13199
EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...
MINI-FWMX-43V5-W43V
Bulletin has no description...
CVE-2026-37270
Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware...
CVE-2026-37271
CVE-2026-37271 affects Fire-Boltt Smartwatch FB BGS001 (Firmware MOY-JS14-2.0.4). The issue is improper authentication: the device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under certain conditions, previously captured BLE packets can be r...
CVE-2026-37270
The CVE-2026-37270 entry affects the Trueview Security camera T18161- AF with firmware v4.9.60.0. The vulnerability is an authentication bypass caused by improper password validation and hard-coded credentials present in the firmware. The CVSS metrics indicate a critical impact (CVSS 3.1: base sc...
DEBIAN-CVE-2026-42546
OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the functio...
CVE-2026-11405
CVE-2026-11405 affects multiple Tenda firmware versions where the web server binary /bin/httpd implements a hidden backdoor authentication in login(): after normal MD5-based verification, if authentication fails it reads a config value via GetValue("sys.rzadmin.password") and compares it to the u...
CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface
The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...
CVE-2026-13753 CVE-2026-13753
A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...
PT-2026-55969
Name of the Vulnerable Software and Affected Versions Tenda firmware versions US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware versions US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware versions US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware versions US AC5V1.0RTL V15.03.06.48...
Wear OS Security Bulletin—July 2026Stay organized with collectionsSave and categorize content based on your preferences.
The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-07-05 or later from the July 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...
HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability
Overview HP Printers in the Deskjet 2800 Series running firmware version =TBP1CN2612AR contain a missing authorization vulnerability tracked as CVE-2026-13753. This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi credentials, management...
Tenda firmware (multiple versions) contains hidden authentication backdoor
Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain ful...