CVE-2026-49193

Technical details about CVE-2026-49193 are not publicly available in the provided documents; monitor for updates from official sources.

CVE-2026-49193 Publicly Readable AWS S3 Telemetry Buckets

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

CVE-2026-49193

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

CVE-2026-36174

CVE-2026-36174 affects GNCC GP5 v7.1.76, where sensitive wireless network information is stored in plaintext during routine serial console operations. The issue enables physically proximate attackers to retrieve credentials by monitoring the serial UART interface. The CVSS vector (AV:P/AC:L/PR:N/...

OSNexus QuantaStor SDS Manager 安全漏洞

OSNexus QuantaStor SDS Manager is a software-defined storage management platform developed by the American company OSNexus. There is a security vulnerability in OSNexus QuantaStor SDS Manager. This vulnerability stems from improper cleaning of the user name field in the login endpoint, allowing...

PT-2026-46151

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet...

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability, which stems from overly permissive configuration settings of the cloud storage container. This vulnerability may lead to the unauthorized disclosure of activ...

GNCC GP5 安全漏洞

GNCC GP5 is a 2K indoor security camera produced by GNCC Corporation. The GNCC GP5 v7.1.76 version contains a security vulnerability. This vulnerability stems from the practice of storing the pre-signed Backblaze B2 upload URL as plain text in the serial console. This could allow physically...

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

CVE-2026-36176

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

EUVD-2026-34277

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

CVE-2025-67448

The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the...

PT-2026-46842

AVideo: Stored XSS via autoEvalCodeOnHTML in MessageSQLite WebSocket Handler Summary AVideo has a stored XSS vulnerability in the WebSocket messaging system. The MessageSQLite.php handler only strips autoEvalCodeOnHTML from $json'msg', but msgToResourceId reads from $msg'json' with higher priorit...

CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

PT-2026-46245

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

PT-2026-46782

Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. Chromium security severity: Low...

EUVD-2026-34279

GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs PUT requests in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface...

Moderate: mysql security update

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon mysqld and many client programs and libraries. Security Fixes: mysql: InnoDB unspecified vulnerability CPU Apr 2026 CVE-2026-22004 mysql: Information Schema unspecified vulnerability CPU Apr 2026...

PT-2026-46117

Node names long name, short name received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a public Meshtastic MQTT broker can set a malicious node name that executes JavaScript in the browser of every Malla dashboard visitor...