Lucene search
+L

335 matches found

euvd
euvd
added 2026/06/12 3:1 p.m.11 views

EUVD-2026-36475

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

8.6CVSS5.5AI score0.00412EPSS
Exploits2References2
vulnrichment
vulnrichment
added 2026/06/12 3:1 p.m.12 views

CVE-2026-50085 Aqara Board IoT insecure debug API

The Aqara Board service op-test.aqara.com accepts arbitrary MQTT command payloads, and forwards them to the platfom's HiveMQ broker without authentication. This is an instance of "CWE-306: Missing Authentication for Critical Function" and has an estimated CVSS...

8.6CVSS5.6AI score0.00412EPSS
Exploits1References2
cve
cve
added 2026/06/12 3:1 p.m.36 views

CVE-2026-50085

The CVE-2026-50085 entry concerns the Aqara Board service at op-test.aqara.com. Connected sources provide concrete details: the service accepts arbitrary MQTT command payloads and forwards them to the platform’s HiveMQ broker without authentication, representing CWE-306 Missing Authentication for...

9.8CVSS5.6AI score0.00412EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/12 3:1 p.m.10 views

CVE-2026-50084 Aqara API cross-account access

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6CVSS5.4AI score0.00244EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/12 3:1 p.m.31 views

CVE-2026-50084 Aqara API cross-account access

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6CVSS0.00244EPSS
Exploits1References2
cve
cve
added 2026/06/12 3:1 p.m.41 views

CVE-2026-50084

CVE-2026-50084 concerns the Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api), where any valid developer token could access any account due to missing authorization (CWE-862). The CVSSv3.1 base score is 9.6 (CRITICAL): Network-based, Low attack complexity, Privileges Required: Low, Use...

9.6CVSS5.4AI score0.00244EPSS
Exploits1References2Affected Software1
vulnrichment
vulnrichment
added 2026/06/12 3:0 p.m.10 views

CVE-2026-50083 Aqara hardcoded OAuth client credentials

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS5.4AI score0.00364EPSS
Exploits1References2
cvelist
cvelist
added 2026/06/12 3:0 p.m.31 views

CVE-2026-50083 Aqara hardcoded OAuth client credentials

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.1CVSS0.00364EPSS
Exploits1References2
cve
cve
added 2026/06/12 3:0 p.m.25 views

CVE-2026-50083

The CVE-2026-50083 entry concerns the Aqara IAM/SSO Gateway (gw-builder.aqara.com) using a hardcoded OAuth client credential (CWE-798). This weak credential could enable a fully unauthenticated, remote takeover when combined with CVE-2026-50082, CVE-50084, and CVE-50085. Documented CVSSv3.1 base ...

9.8CVSS5.4AI score0.00364EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.17 views

PT-2026-48907

The Aqara IAM/SSO Gateway gw-builder.aqara.com used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Credentials." This issue has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N 9.1 Critical. When combined with CVE-2026-50082, CVE-50084, a...

9.8CVSS5.4AI score0.00364EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.31 views

PT-2026-48909

Name of the Vulnerable Software and Affected Versions Aqara Board service affected versions not specified Description The Aqara Board service at the endpoint "op-test.aqara.com" accepts arbitrary MQTT command payloads and forwards them to the platform's HiveMQ broker without authentication. This...

9.8CVSS5.4AI score0.00412EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/06/05 7:22 p.m.11 views

CVE-2026-34311

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications component: Opera. Supported versions that are affected are 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6 and 5.6.28. Easily exploitable vulnerability allows unauthenticated attacker with network...

9.8CVSS5.5AI score0.00461EPSS
Exploits0References1
nvd
nvd
added 2026/05/28 9:16 p.m.23 views

CVE-2026-46839

Vulnerability in Oracle REST Data Services component: Core. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle REST Data Services. While the vulnerability is in Oracle REST Data...

9.9CVSS0.00352EPSS
Exploits0References1
cvelist
cvelist
added 2026/05/26 5:6 p.m.38 views

CVE-2026-7251 Eppendorf BioFlo 320 Use of hard-coded password

Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have ful...

9.8CVSS0.00498EPSS
Exploits0References3
f5
f5
added 2026/05/20 5:46 a.m.19 views

K000161327: NGINX UI vulnerability CVE-2026-33032

Security Advisory Description Nginx UI is a web user interface for the Nginx web server. In versions 2.3.5 and prior, the nginx-ui MCP Model Context Protocol integration exposes two HTTP endpoints: /mcp and /mcpmessage. While /mcp requires both IP whitelisting and authentication AuthRequired...

9.8CVSS6AI score0.38477EPSS
Exploits4
osv
osv
added 2026/05/08 5:47 a.m.8 views

BIT-JRE-2025-30749

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS7.2AI score0.01058EPSS
Exploits1References4
osv
osv
added 2026/05/08 5:43 a.m.16 views

BIT-JRE-2020-2604

Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u241, 8u231, 11.0.5 and 13.0.1; Java SE Embedded: 8u231. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...

8.1CVSS7.3AI score0.04903EPSS
Exploits0References25
osv
osv
added 2026/05/06 2:45 p.m.7 views

BIT-JAVA-2025-50106

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS7.2AI score0.00611EPSS
Exploits0References4
osv
osv
added 2026/05/06 2:45 p.m.12 views

BIT-JAVA-MIN-2025-30749

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS7.2AI score0.01058EPSS
Exploits1References4
osv
osv
added 2026/05/06 2:45 p.m.6 views

BIT-JAVA-2025-30749

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...

8.1CVSS5.9AI score0.01058EPSS
Exploits1References4
Rows per page
Query Builder