Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6174 matches found

OSV
OSVadded 2026/03/30 4:59 p.m.2 views

CVE-2025-49010 OpenSC: Stack-buffer-overflow WRITE in GET RESPONSE

OpenSC is an open source smart card tools and middleware. Prior to version 0.27.0, an attacker with physical access to the computer at the time user or administrator uses a token can cause a stack-buffer-overflow write in GET RESPONSE. The attack requires crafted USB device or smart card that wou...

3.8CVSS5.8AI score0.0013EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/03/28 12:0 a.m.6 views

PT-2026-34017

Name of the Vulnerable Software and Affected Versions Tenda W30E version V2.0 V16.01.0.21 Description The formSetUSBPartitionUmount function fails to properly neutralize special elements when processing the usbPartitionName parameter. This allows a remote attacker to execute arbitrary commands by...

9.8CVSS5.8AI score0.0215EPSS
Exploits1References5
RedhatCVE
RedhatCVEadded 2026/03/27 10:51 p.m.7 views

CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

6.8CVSS5.9AI score0.00124EPSS
Exploits0References1
OSV
OSVadded 2026/03/27 3:47 p.m.1 views

SUSE-SU-2026:1130-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47110: Fixed possible memory corruption when restoring from hibernation in x86/kvm bsc1221532. - CVE-2025-21738: ata: libata-sff: Ensure that we cannot writ...

7.8CVSS6.9AI score0.00245EPSS
Exploits0References11
EUVD
EUVDadded 2026/03/27 12:31 a.m.3 views

EUVD-2026-16452

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
NVD
NVDadded 2026/03/26 10:16 p.m.4 views

CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

6.8CVSS0.00124EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/03/26 9:16 p.m.19 views

CVE-2026-4346 Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

5.1CVSS0.00124EPSS
Exploits0References2
CVE
CVEadded 2026/03/26 9:16 p.m.8 views

CVE-2026-4346

The CVE concerns TP-Link TL-WR850N v3 where credentials (administrative and Wi‑Fi) are stored in cleartext in a region of the device’s flash while the serial interface is enabled and protected by weak authentication. A physical attacker who can access the serial port can recover sensitive data, i...

6.8CVSS5.8AI score0.00124EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/03/26 9:16 p.m.2 views

CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

5.1CVSS5.8AI score0.00124EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/26 3:18 p.m.4 views

CVE-2025-31703

A vulnerability found in Dahua NVR/XVR device. A third-party malicious attacker with physical access to the device may gain access to a restricted shell via the serial port, and bypasses the shell's authentication mechanism to escalate privileges...

2.4CVSS5.8AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:10 p.m.2 views

CVE-2026-32724

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc1, a heap-use-after-free is detected in the MavlinkShell::available function. The issue is caused by a race condition between the MAVLink receiver thread which handles shell creation/destruction and the telemetry sender thre...

5.3CVSS5.8AI score0.00251EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:5 p.m.3 views

CVE-2019-25469

Folder Lock 7.7.9 contains a buffer overflow vulnerability in the serial number registration field that allows local attackers to crash the application by submitting an oversized payload. Attackers can paste a 6000-byte buffer of arbitrary data into the 'Serial Number and Registration Key' field ...

6.9CVSS6.2AI score0.00123EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:2 p.m.1 views

CVE-2026-32291

The GL-iNet Comet GL-RM1 KVM before 1.8.2 does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

7CVSS6AI score0.00332EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/03/26 3:2 p.m.3 views

CVE-2026-32706

PX4 autopilot is a flight control solution for drones. Prior to 1.17.0-rc2, The crsfrc parser accepts an oversized variable-length known packet and copies it into a fixed 64-byte global buffer without a bounds check. In deployments where crsfrc is enabled on a CRSF serial port, an...

8.1CVSS6AI score0.00309EPSS
Exploits1References1
Microsoft CVE
Microsoft CVEadded 2026/03/26 8:7 a.m.4 views

net: usb: kalmia: validate USB endpoints

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/03/26 8:7 a.m.3 views

can: usb: etas_es58x: correctly anchor the urb in the read bulk callback

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/03/26 8:6 a.m.5 views

can: usb: f81604: correctly anchor the urb in the read bulk callback

...

5.5CVSS5.8AI score0.00127EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/03/26 8:4 a.m.2 views

net: usb: pegasus: validate USB endpoints

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/03/26 8:4 a.m.4 views

can: usb: f81604: handle short interrupt urb messages properly

...

5.5CVSS5.8AI score0.00122EPSS
Exploits0
Microsoft CVE
Microsoft CVEadded 2026/03/26 8:3 a.m.3 views

can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message

...

5.5CVSS5.8AI score0.00123EPSS
Exploits0
Rows per page
Query Builder