Lucene search
+L

1579 matches found

CVE
CVE
added 2026/06/02 9:22 p.m.19 views

CVE-2024-14036

Dräger Core 1.0.5 and Dräger M540 Converter Service 1.0.9 are affected by a denial-of-service vulnerability where specially crafted, unencrypted SDC discovery messages exhaust CPU resources. Network-adjacent attackers with hospital-network access can trigger high CPU load, causing subsequent SDC ...

8.7CVSS5.8AI score0.00284EPSS
Exploits0References2
NVD
NVD
added 2026/05/29 1:16 p.m.24 views

CVE-2026-49324

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

4.6CVSS0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/29 12:39 p.m.14 views

CVE-2026-49316 Indian Scout Bobber 2025 WCM CAN bus-off attack silently bypasses anti-theft shutdown

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

4.6CVSS5.8AI score0.00181EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 12:39 p.m.10 views

CVE-2026-49316

Expected behavior violation in the in-vehicle network of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker to bypass the motorcycle's anti-theft shutdown by forcing the Wireless Control Module WCM into the CAN bus-off state. Using a well-known CAN...

4.6CVSS5.8AI score0.00181EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/29 12:32 p.m.20 views

EUVD-2026-33289

Uncontrolled resource consumption in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with write access to the in-vehicle network to permanently immobilize the motorcycle. The WCM enforces a brute-force lockout on the...

4.6CVSS5.8AI score0.00174EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 7:29 a.m.13 views

CVE-2026-49322

Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/27 12:0 a.m.14 views

CVE-2026-36539

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

5.8AI score0.00358EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/26 8:59 p.m.18 views

CVE-2026-47672

epa4all-client is the Java Client for epa4all / ePA 3.0 in the Telematik Infrastruktur. In 1.2.4 and earlier, any network-reachable caller can write arbitrary documents to any patient's electronic health record accessible by the institution's SMC-B card. In a misconfigured deployment e.g.,...

6.5CVSS5.9AI score0.00162EPSS
Exploits0References3Affected Software1
RedHat Linux
RedHat Linux
added 2026/05/26 9:30 a.m.17 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2026)

Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via...

4.9CVSS7.2AI score0.00242EPSS
Exploits0References6
NVD
NVD
added 2026/05/22 9:16 p.m.30 views

CVE-2026-3294

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Successful exploitation allows an attacker to obtain full...

8.8CVSS0.00398EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/05/22 12:43 a.m.21 views

CVE-2026-34908

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system...

10CVSS5.7AI score0.02452EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 12:43 a.m.8 views

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

10CVSS5.7AI score0.02269EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2026/05/22 12:43 a.m.12 views

CVE-2026-34910

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

10CVSS5.8AI score0.78555EPSS
Exploits2References1
CVE
CVE
added 2026/05/22 12:43 a.m.30 views

CVE-2026-33000

Summary: CVE-2026-33000 affects UniFi OS devices and stems from an Improper Input Validation that enables a Command Injection. An attacker with network access and high privileges could exploit this with no user interaction to achieve potentially high impact on confidentiality, integrity, and avai...

9.1CVSS5.8AI score0.01248EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 12:43 a.m.12 views

CVE-2026-33000

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

9.1CVSS5.8AI score0.01248EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/22 12:43 a.m.15 views

EUVD-2026-31384

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

10CVSS5.7AI score0.02269EPSS
Exploits2References1
Cvelist
Cvelist
added 2026/05/22 12:43 a.m.74 views

CVE-2026-34909

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account...

10CVSS0.02269EPSS
Exploits2References1
CVE
CVE
added 2026/05/22 12:43 a.m.221 views

CVE-2026-34908

CVE-2026-34908 affects UniFi OS Server. The issue is an improper access control that can allow an unauthenticated bypass of the auth flow via a discrepancy between raw and normalized URIs in nginx, potentially leading to unauthorized changes and remote code execution. A fix is available: upgrade ...

10CVSS5.7AI score0.02452EPSS
In wildExploits2References3Affected Software1
CVE
CVE
added 2026/05/22 12:43 a.m.113 views

CVE-2026-34910

CVE-2026-34910 affects UniFi OS Server and is triggered by an Improp er Input Validation vulnerability in UniFi OS devices, enabling an unauthenticated Command Injection over the network. The connected documentation shows that the vulnerability path leads to remote code execution with potential f...

10CVSS5.8AI score0.78555EPSS
In wildExploits2References3Affected Software1
Cvelist
Cvelist
added 2026/05/21 5:11 p.m.45 views

CVE-2026-48249 Open ISES Tickets < 3.44.2 Disabled TLS Certificate Verification in rm/incs/mobile_login.inc.php

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobilelogin.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the mobile RouteMate login flow. An attacker positioned on the...

8.2CVSS0.00173EPSS
Exploits0References3
Rows per page
Query Builder