Lucene search
K

110 matches found

Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.16 views

PT-2026-48296

FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and triggering an internal safe-guard exception. This exception was in a path that was not catchable, and...

6.5CVSS5.6AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.11 views

CVE-2026-7415

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS5.5AI score0.00544EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/04 3:36 a.m.12 views

CVE-2026-49186

The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...

8.6CVSS5.8AI score0.0032EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.13 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the lack of mandatory implementation of topic-level access control lists by the local MQTT Broker. As a result, any client that...

9.8CVSS5.3AI score0.0032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/29 8:30 a.m.9 views

CVE-2026-49198 Predator Connect W6x: MQTT Broker Access Control

Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors...

8.3CVSS5.8AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 5:16 p.m.14 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS0.00274EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 4:11 p.m.30 views

CVE-2026-7415

The CVE-2026-7415 vulnerability affects the MQTT broker embedded in Yarbo firmware v2.3.9. The broker is configured to allow anonymous connections with no topic-level read/write ACLs, enabling any host on the same network to subscribe to sensitive telemetry topics or publish control messages dire...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/07 4:11 p.m.8 views

CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS5.8AI score0.00544EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/07 4:11 p.m.58 views

CVE-2026-7415 Open MQTT orchestration without read/write ACLs in Yarbo robot firmware

The MQTT broker embedded in Yarbo firmware v2.3.9 is configured to allow anonymous connections with no topic-level read or write ACLs. Any host on the same network can subscribe to sensitive telemetry topics or publish control messages directly to the robot without authentication or authorization...

9.8CVSS0.00544EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.13 views

RHEL 10 : yggdrasil (RHSA-2026:11375)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:11375 advisory. yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child worker...

7.5CVSS7.9AI score0.00728EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/11 3:22 p.m.7 views

CVE-2026-21888

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. MQTT v5 Variable Byte Integer parsing out-of-bounds: getvarinteger accepts 5-byte varints without bounds checks; reliably triggers OOB read / crash when built with ASan. This affects 0.24.6 and earlier...

7.5CVSS5.8AI score0.00302EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:27 a.m.9 views

CVE-2021-33176

VerneMQ MQTT Broker versions prior to 1.12.0 are vulnerable to a denial of service attack as a result of excessive memory consumption due to the handling of untrusted inputs. These inputs cause the message broker to consume large amounts of memory, resulting in the application being terminated by...

7.5CVSS6.8AI score0.011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.10 views

CVE-2023-45851

The Android Client application, when enrolled to the AppHub server,connects to an MQTT broker without enforcing any server authentication. This issue allows an attacker to force the Android Client application to connect to a malicious MQTT broker, enabling it to send fake messages to the HMI devi...

8.8CVSS6.8AI score0.00447EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:58 a.m.10 views

CVE-2023-45321

The Android Client application, when enrolled with the define method 1 the user manually inserts the server ip address, use HTTP protocol to retrieve sensitive information ip address and credentials to connect to a remote MQTT broker entity instead of HTTPS and this feature is not configurable by...

8.8CVSS6.7AI score0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-8134

Malware in sbrugna...

6.5CVSS6.5AI score0.00648EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.10 views

EUVD-2019-15210

Malware in sbrugna...

7.5CVSS6.7AI score0.00372EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-19891

Malware in sbrugna...

7.5CVSS7.5AI score0.011EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/06 12:0 a.m.12 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS0.00173EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2023-32758

Malicious code in bioql PyPI...

6.8CVSS6.7AI score0.00283EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-42837

Malicious code in bioql PyPI...

8.7CVSS6.5AI score0.00387EPSS
Exploits0References1
Rows per page
Query Builder