Lucene search
K

3048 matches found

OSV
OSV
added 2026/06/19 7:35 p.m.4 views

GHSA-X84V-G949-293W Home Assistant: Konnected alarm-panel switch state and zone topology disclosed to unauthenticated actors on the LAN

Summary The Konnected integration registers an HTTP endpoint, KonnectedView homeassistant/components/konnected/init.py, that is marked as not requiring authentication requiresauth = False. A comment next to that line says auth is instead handled "via the access token from configuration." That...

7.6CVSS6AI score0.00193EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 1:41 p.m.6 views

CVE-2026-9142

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

9.3CVSS5.9AI score0.00308EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 1:41 p.m.29 views

CVE-2026-9142 Insecure Default Credentials vulnerability in NI grpc-device when TLS configuration is not present

There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback. This may allow an unauthenticated user access to the server on the local network. This affects NI grpc-device 2.17.0 and prior versions...

9.3CVSS0.00308EPSS
Exploits0References2
CVE
CVE
added 2026/06/19 1:41 p.m.20 views

CVE-2026-9142

NI grpc-device versions prior to 2.17.0 are affected by an insecure default credentials vulnerability when TLS configuration is absent and the server binds beyond the loopback interface. This could allow an unauthenticated access to the server on the local network. No exploit details or fixes are...

9.3CVSS5.9AI score0.00308EPSS
Exploits0References2Affected Software1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in sane-backends

A heap buffer overflow in SANE backends before version 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, known as GHSL-2020-080...

8.8CVSS7.8AI score0.03044EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.16 views

PT-2026-50901

Name of the Vulnerable Software and Affected Versions NI grpc-device versions prior to 2.17.0 Description Insecure default credentials exist when TLS configuration is absent and the server is bound beyond the loopback interface. This allows an unauthenticated user on the local network to gain...

9.3CVSS6.8AI score0.00308EPSS
Exploits0References8
NVD
NVD
added 2026/06/15 6:16 a.m.11 views

CVE-2026-12220

A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function modupgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.14 views

CVE-2026-12221

A vulnerability was found in Yealink SIP-T46U 108.86.0.118. This impacts the function sprintf of the file /api/upgrade/upgrade of the component Firmware Chunk Upload Handler. Performing a manipulation of the argument uid/startoffset results in stack-based buffer overflow. The attack needs to be...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.13 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS0.00371EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.12 views

CVE-2026-12223

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS0.01194EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 6:16 a.m.14 views

CVE-2026-12218

A vulnerability was detected in Yealink SIP-T46U 108.87.50.1. The affected element is the function StartReportInformation of the file /api/inner/beforewifitest of the component Web FastCGI Service. The manipulation of the argument port results in stack-based buffer overflow. Access to the local...

8.6CVSS0.00371EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 5:30 a.m.38 views

CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS0.01194EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 5:30 a.m.29 views

CVE-2026-12223

The CVE affects Yealink SIP-T46U with firmware 108.86.0.118, specifically the Web FastCGI Service component. The vulnerability lies in the mod_webd.TFTPUploadIperf function within /api/inner/tftpuploadiperf, where manipulating the ip/port argument leads to command injection. Exploitation is descr...

5.5CVSS5.7AI score0.01194EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 5:30 a.m.7 views

CVE-2026-12223 Yealink SIP-T46U Web FastCGI Service tftpuploadiperf mod_webd.TFTPUploadIperf command injection

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS5.7AI score0.01194EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/15 5:30 a.m.10 views

EUVD-2026-36696

A vulnerability was identified in Yealink SIP-T46U 108.86.0.118. Affected by this vulnerability is the function modwebd.TFTPUploadIperf of the file /api/inner/tftpuploadiperf of the component Web FastCGI Service. The manipulation of the argument ip/port leads to command injection. The attack need...

5.5CVSS5.5AI score0.01194EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/15 5:15 a.m.36 views

CVE-2026-12222 Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS0.00371EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 5:15 a.m.7 views

CVE-2026-12222 Yealink SIP-T46U Web FastCGI Service bttest mod_webd.BlueToothTest stack-based overflow

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5
CVE
CVE
added 2026/06/15 5:15 a.m.22 views

CVE-2026-12222

CVE-2026-12222 affects Yealink SIP-T46U (firmware 108.86.0.118) via the Web FastCGI Service: function mod_webd.BlueToothTest in /api/inner/bttest, where manipulating btMac/pin/reserved can trigger a stack-based overflow. Exploitation reportedly public and feasible within a local network; vendor d...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/15 5:15 a.m.2 views

CVE-2026-12222

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS7.6AI score0.00371EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/06/15 5:15 a.m.11 views

EUVD-2026-36695

A vulnerability was determined in Yealink SIP-T46U 108.86.0.118. Affected is the function modwebd.BlueToothTest of the file /api/inner/bttest of the component Web FastCGI Service. Executing a manipulation of the argument btMac/pin/reserved can lead to stack-based buffer overflow. The attack needs...

8.6CVSS8.3AI score0.00371EPSS
Exploits0References5
Rows per page
Query Builder