CVE-2026-33488
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the createKeys function in the LoginControl plugin's PGP 2FA system generates 512-bit RSA keys, which have been publicly factorable since 1999. An attacker who obtains a target user's public key can factor the...
CVE-2026-29796 IGL-Technologies eParking.fi Missing Authentication for Critical Function
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
PT-2026-25913
CVE-2026-32291 The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UA… https://t.co/3nIVbSAO2u...
ABB AWIN GW100 access control error vulnerability
The ABB AWIN GW100 is a communication gateway device produced by the Swiss company ABB. The ABB AWIN GW100 rev.2 2.0-1 and earlier versions, as well as the ABB AWIN GW120 1.2-1 and earlier versions, have a security vulnerability related to access control. This vulnerability stems from the lack of...
Security issues in ESC/POS
Overview: ESC/POS is a printer control language designed by Seiko Epson Corporation for controlling POS printers and related devices. The following security issues have been identified with ESC/POS. Products implementing ESC/POS need to be designed and operated with consideration of the following...
CVE-2026-22552
WebSocket endpoints lack proper authentication mechanisms, enabling attackers to perform unauthorized station impersonation and manipulate data sent to the backend. An unauthenticated attacker can connect to the OCPP WebSocket endpoint using a known or discovered charging station identifier, then...
Enel X JuiceBox 40: Access control error vulnerability
The Enel X JuiceBox 40 is a household electric vehicle charging station developed by the American company Enel X. The Enel X JuiceBox 40 has an access control vulnerability, which stems from the lack of authentication in the Telnet service. This vulnerability may lead to remote code execution...
PT-2025-52532
Name of the Vulnerable Software and Affected Versions: Tapo C200 V3 (affected versions not specified). Description: The HTTPS service on the device has a connectAP interface lacking proper authentication. An attacker on the same local network can exploit this to change the device’s Wi-Fi settings,...
EUVD-2011-4440
Malware in sbrugna...
EUVD-2020-27064
Malware in sbrugna...
EUVD-2009-3463
Malware in sbrugna...
EUVD-2019-16097
Malware in sbrugna...
EUVD-2016-10669
Malware in sbrugna...
EUVD-2019-7864
Malware in sbrugna...
EUVD-2016-10302
Malware in sbrugna...
CVE-2025-9983
CVE-2025-9983 affects GALAYOU G2 IP cameras, where RTSP streams can be accessed without valid credentials. The issue arises because default credentials are not required to access streams, and changing them does not affect behavior, indicating an authentication bypass in the RTSP service. Affe...
ABB Ability™ zenon access control error vulnerability
ABB Ability™ zenon is a software platform for managing operational data from ABB Switzerland. An access control error vulnerability exists in ABB Ability™ zenon versions 7.50 through 14 that stems from a lack of authentication for critical functions...
ABB ASPECT access control error vulnerability
ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. An access control error vulnerability exists in ABB Aspect that stems from a lack of authentication for critical functions...
CVE-2023-30969
The Palantir Tiles1 service was found to be vulnerable to an API-wide issue where the service was not performing authentication/authorization on all the endpoints...
CVE-2021-35979
An issue was discovered in Digi RealPort through 4.8.488.0. The 'encrypted' mode is vulnerable to man-in-the-middle attacks and does not perform authentication...