CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32294

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Cybersecurity researchers have warned about the risks posed by low-cost IP KVM Keyboard, Video, Mouse over Internet Protocol devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium , span four different products from GL-iNet...

EUVD-2026-12608

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32294

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32295

CVE-2026-32295 affects JetKVM prior to version 0.5.4, where there is no rate limiting on login attempts. This enables brute-force attempts to guess credentials, exposing potential unauthorized access. The vulnerability is mitigated by upgrading to version 0.5.4 (fix referenced in multiple sources...

CVE-2026-32295

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32295 JetKVM insufficient login rate limiting

JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials...

CVE-2026-32294 JetKVM insufficient firmware verification

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

CVE-2026-32294

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

CVE-2026-32294

JetKVM before 0.5.4 fails to verify downloaded firmware authenticity, enabling an attacker-in-the-middle or compromised update server to modify firmware and its SHA256 hash to pass verification. Impact is limited to local impact with high integrity risk, per CVSS 3.1/4.0 metrics: local access, hi...

CVE-2026-32294 JetKVM insufficient firmware verification

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...

Multiple IP-KVM Vulnerabilities

RISK EVALUATION Multiple KVM products GL-iNet GL-RM1, Angeet ES3 KVM, Sipeed NanoKVM, and JetKVM are affected by multiple vulnerabilities. The most severe of these vulnerabilities could allow a remote, unauthenticated attacker to take complete control of a vulnerable product. 2. RECOMMENDED...

JetKVM 安全漏洞

JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of verification of the authenticity of downloaded firmware files. This could allow intermediate parties o...

JetKVM 安全漏洞

JetKVM is an open-source remote computer management tool developed by JetKVM. Versions of JetKVM prior to 0.5.4 contained security vulnerabilities. These vulnerabilities stemmed from the lack of rate limiting on login requests, which could allow brute-force attacks to attempt to guess credentials...

PT-2026-25917

🚨 CVE-2026-32295: JetKVM insufficient login rate l... KVM-over-IP devices with zero brute-force protection are basically screaming "pwn me" to every script kiddie with a wor... https://t.co/xBzcOcZWDZ netsec vulnerability CVE sysadmin zeroday...

PT-2026-25916

JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification...