Lucene search
K

55268 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-37271

Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under specific conditions, previously captured BLE packets can be replayed from a nearb...

9.8CVSS0.00373EPSS
Exploits0References2
NVD
NVD
added 4 days ago6 views

CVE-2026-37270

Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware...

9.8CVSS0.00374EPSS
Exploits0References2
Nuclei
Nuclei
added 4 days ago94 views

DrayTek Vigor - Command Injection

DrayTek Gateway devices Vigor2960, Vigor300B, etc. are vulnerable to command injection via the session parameter in the /cgi-bin/mainfunction.cgi/apmcfgupload endpoint. An attacker can inject arbitrary commands and retrieve their output. id: CVE-2024-12987 info: name: DrayTek Vigor - Command...

9.8CVSS7.4AI score0.98084EPSS
Exploits1References2
Nuclei
Nuclei
added 4 days ago106 views

D-Link DNS-320 - Remote Code Execution

The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerable to remote command injection. id: CVE-2019-16057 info: name: D-Link DNS-320 - Remote Code Execution author: DhiyaneshDk severity: critical description: | The loginmgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnerabl...

10CVSS7.2AI score0.8721EPSS
Exploits1References5
Nuclei
Nuclei
added 4 days ago107 views

D-Link DAR-8000-10 - Command Injection

D-Link DAR-8000-10 version has an operating system command injection vulnerability. The vulnerability originates from the parameter id of the file /app/sys1.php which can lead to operating system command injection. id: CVE-2023-4542 info: name: D-Link DAR-8000-10 - Command Injection author:...

9.8CVSS6.7AI score0.86533EPSS
Exploits1References5
CVE
CVE
added 4 days ago17 views

CVE-2026-10659

The CVE concerns Zephyr’s Dhara FTL disk driver (drivers/disk/ftl_dhara.c). On flash read errors, the driver previously wrote error codes unconditionally to a caller-supplied err pointer, and the journal-resume path forwarded NULL into dhara_nand_read(), causing a NULL dereference during disk ini...

4.7CVSS6AI score0.00098EPSS
Exploits1References2Affected Software1
NVD
NVD
added 4 days ago9 views

CVE-2026-13199

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS0.00114EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 4 days ago6 views

CVE-2026-13199

EEPROM firmware on Raspberry Pi 5 and Compute Module 5 devices produced non-random KASLR and RNG seed values. This resulted in consistent kernel addresses across boots and devices, potentially making it easier to exploit other vulnerabilities. Additionally, the low-quality RNG seed may affect the...

5.1CVSS5.9AI score0.00114EPSS
Exploits0References3
OSV
OSV
added 4 days ago4 views

MINI-FWMX-43V5-W43V

Bulletin has no description...

5.9AI score
Exploits0
Cvelist
Cvelist
added 4 days ago24 views

CVE-2026-37270

Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and the presence of hard-coded credentials in the firmware...

0.00374EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-37271

CVE-2026-37271 affects Fire-Boltt Smartwatch FB BGS001 (Firmware MOY-JS14-2.0.4). The issue is improper authentication: the device accepts GATT Write Request commands without sufficient authentication or strong session validation. Under certain conditions, previously captured BLE packets can be r...

9.8CVSS6AI score0.00373EPSS
Exploits0References2
CVE
CVE
added 4 days ago9 views

CVE-2026-37270

The CVE-2026-37270 entry affects the Trueview Security camera T18161- AF with firmware v4.9.60.0. The vulnerability is an authentication bypass caused by improper password validation and hard-coded credentials present in the firmware. The CVSS metrics indicate a critical impact (CVSS 3.1: base sc...

9.8CVSS5.9AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 5 days ago2 views

DEBIAN-CVE-2026-42546

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.3.0 and prior to version 4.11.0, a resource leak exists in OP-TEE’s shared memory cleanup logic because the functio...

3.8CVSS6AI score0.00105EPSS
Exploits0References1
CVE
CVE
added 5 days ago96 views

CVE-2026-11405

CVE-2026-11405 affects multiple Tenda firmware versions where the web server binary /bin/httpd implements a hidden backdoor authentication in login(): after normal MD5-based verification, if authentication fails it reads a config value via GetValue("sys.rzadmin.password") and compares it to the u...

9.8CVSS6AI score0.00668EPSS
Exploits1References3
Cvelist
Cvelist
added 5 days ago48 views

CVE-2026-11405 Hidden backdoor authentication mechanism in multiple versions of Tenda firmware allows admin access to web management interface

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

0.00668EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 5 days ago11 views

CVE-2026-13753 CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

6AI score0.00271EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago8 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware versions US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware versions US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware versions US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware versions US AC5V1.0RTL V15.03.06.48...

9.8CVSS7.2AI score0.00668EPSS
Exploits1References44
Android Security Bulletins
Android Security Bulletins
added 5 days ago8 views

Wear OS Security Bulletin—July 2026Stay organized with collectionsSave and categorize content based on your preferences.

The Wear OS Security Bulletin contains details of security vulnerabilities affecting the Wear OS platform. The full Wear OS update comprises the security patch level of 2026-07-05 or later from the July 2026 Android Security Bulletin in addition to all issues in this bulletin. We encourage all...

6.4AI score
Exploits0
CERT
CERT
added 5 days ago4 views

HP Deskjet 2800 Printer Series Webservers contain Missing Authorization Vulnerability

Overview HP Printers in the Deskjet 2800 Series running firmware version =TBP1CN2612AR contain a missing authorization vulnerability tracked as CVE-2026-13753. This vulnerability allows unauthenticated access to the printer's webserver API endpoints, exposing Wi-Fi credentials, management...

7.5CVSS6.2AI score0.00271EPSS
Exploits0
CERT
CERT
added 5 days ago7 views

Tenda firmware (multiple versions) contains hidden authentication backdoor

Overview Several versions of Tenda firmware contain an undocumented authentication backdoor that grants administrative access to the devices' web management interfaces. An attacker can expoit this vulnerability, tracked as CVE-2026-11405, to bypass the password verification process and obtain ful...

9.8CVSS6.1AI score0.00668EPSS
Exploits1References3
Rows per page
Query Builder