313 matches found
CVE-2026-50209
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
CVE-2026-49185
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...
CVE-2026-50209 MDM Server Registration Overriding
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
CVE-2026-50209 MDM Server Registration Overriding
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
EUVD-2026-34221
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
CVE-2026-50209
CVE-2026-50209 describes a vulnerability where broadcast events allow malicious software to rewrite the device’s default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. The issue is tied to the MDM registration/endpoint resolution flow a...
CVE-2026-49185
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...
CVE-2026-49185
The CVE-2026-49185 entry concerns FieldX MDM where the adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling command/instruction injection. Affected component: adb messaging topic within FieldX MDM; root cause is unverified payloads executed via Runtime.exec(). Imp...
PT-2026-46161
Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from a broadcast event that allows malware to overwrite the device’s default mobile device management endpoint address, potentially...
Acer M6E 安全漏洞
The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from the FieldX MDM adb messaging topic directly passing unvalidated payloads to Runtime.exec, potentially leading to command injection...
PT-2026-46140
The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...
CVE-2025-48652
In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2025-210017
In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48652
In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
ASB-A-452042097
In performPreInstallChecks of InstallRepository.kt, there is a possible way to bypass MDM policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-30374
Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not...
EUVD-2026-30368
Fleet is open source device management software. Prior to version 4.81.0, a vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled...
GHSA-FFG9-J72F-J6XM Fleet Windows MDM Azure AD JWT Authentication Bypass
Summary A vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not enforce the aud audience or iss issuer claims, any Microsoft-signed...
GHSA-2RC4-7JC6-QFFH Fleet has a Windows MDM management endpoint authentication bypass
Summary A vulnerability in Fleet’s Windows MDM management endpoint could allow requests to be processed without proper client certificate validation. In certain circumstances, this could allow an attacker to impersonate an enrolled Windows device and retrieve sensitive configuration data. Impact...