Lucene search
K

18 matches found

NVD
NVD
added 4 days ago7 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS0.00323EPSS
Exploits0References7
NVD
NVD
added 4 days ago6 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS0.00234EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-15320 Sipeed PicoClaw pico.go rt.ReloadConfig authorization

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS0.00234EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-15320

A vulnerability was detected in Sipeed PicoClaw up to 0.2.9. This vulnerability affects the function rt.ReloadConfig of the file pkg/channels/pico/pico.go. Performing a manipulation of the argument message.send results in missing authorization. It is possible to initiate the attack remotely. The...

5.5CVSS5.9AI score0.00234EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42775

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 4 days ago9 views

CVE-2026-15319

A security vulnerability has been detected in Sipeed PicoClaw up to 0.2.9. This affects the function IPAllowlist of the file web/backend/middleware/accesscontrol.go of the component Launcher. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit...

7.5CVSS6.4AI score0.00323EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-15318 Sipeed PicoClaw MQTT Channel mqtt.go authorization

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS0.00214EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-42765

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago8 views

CVE-2026-15318

A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument clientid causes incorrect authorization. The attack is possible to be...

6.5CVSS6.2AI score0.00214EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 4 days ago9 views

EUVD-2026-42757

A security flaw has been discovered in Sipeed PicoClaw up to 0.2.9. Affected by this vulnerability is the function WebFetchTool.Execute of the file pkg/tools/integration/web.go of the component Guarded Web Fetch Flow. The manipulation results in server-side request forgery. The attack can be...

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
CVE
CVE
added 4 days ago11 views

CVE-2026-15317

Sipeed PicoClaw

7.5CVSS6.2AI score0.00247EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2026/03/18 11:42 a.m.9 views

9 Critical IP KVM Flaws Enable Unauthenticated Root Access Across Four Vendors

Cybersecurity researchers have warned about the risks posed by low-cost IP KVM Keyboard, Video, Mouse over Internet Protocol devices, which can grant attackers extensive control over compromised hosts. The nine vulnerabilities, discovered by Eclypsium , span four different products from GL-iNet...

9.8CVSS6.8AI score0.01424EPSS
Exploits0
EUVD
EUVD
added 2026/03/17 6:30 p.m.10 views

EUVD-2026-12610

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS5.8AI score0.00504EPSS
Exploits0References5
NVD
NVD
added 2026/03/17 6:16 p.m.7 views

CVE-2026-32296

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS0.00504EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/17 5:19 p.m.30 views

CVE-2026-32296 Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS0.00504EPSS
Exploits0References4
CVE
CVE
added 2026/03/17 5:19 p.m.29 views

CVE-2026-32296

Sipeed NanoKVM (pre-2.3.1) exposes a Wi‑Fi configuration endpoint without proper access checks, allowing an unauthenticated attacker with network access to either change the saved Wi‑Fi network to a value of the attacker’s choosing or craft a request to exhaust memory and terminate the KVM proces...

8.8CVSS5.8AI score0.00504EPSS
Exploits0References4
OSV
OSV
added 2026/03/17 5:19 p.m.4 views

CVE-2026-32296 Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint

Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate...

8.8CVSS6.1AI score0.00504EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.8 views

NanoKVM 安全漏洞

NanoKVM is an open-source remote computer control device developed by Sipeed. Versions of NanoKVM prior to 2.3.1 contained security vulnerabilities. These vulnerabilities stemmed from insufficient security checks in Wi-Fi configuration endpoints, which could allow unauthorized attackers to modify...

8.8CVSS6AI score0.00504EPSS
Exploits0References4
Rows per page
Query Builder