Lucene search
+L

89 matches found

NVD
NVD
added yesterday6 views

CVE-2026-12705

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-45179

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS5.2AI score
Exploits0References1
Vulnrichment
Vulnrichment
added yesterday5 views

CVE-2026-12705 Integrity mechanism of KNX-device FW-files can be bypassed in ABB Update Tool

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS5.3AI score
Exploits0References1
Cvelist
Cvelist
added yesterday28 views

CVE-2026-12705 Integrity mechanism of KNX-device FW-files can be bypassed in ABB Update Tool

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS
Exploits0References1
CVE
CVE
added yesterday10 views

CVE-2026-12705

The CVE-2026-12705 entry concerns a missing integrity check in ABB KNX Update Tool (ABB) and KNX Update Tool (BJE) up to version 2.0.175. Affected components: KNX Update Tool (ABB) and KNX Update Tool (BJE); root cause: lack of integrity verification for KNX device firmware/files. Impact, as stat...

6.4CVSS5.2AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60766

Missing support for integrity check vulnerability in ABB KNX Update Tool ABB, ABB KNX Update Tool BJE. This issue affects KNX Update Tool ABB: through 2.0.175; KNX Update Tool BJE: through 2.0.175...

6.4CVSS5.2AI score
Exploits0References1
OSV
OSV
added 2026/05/03 12:32 p.m.17 views

MAL-2026-3246 Malicious code in win-update-helper-tool-v2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 251972769752a77d15c86627fe078560c49ce79a47bcc4542128386eb5362342 If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/03 12:30 p.m.11 views

Malicious code in system-update-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4902f753d49279adae969f368b995d1ec8990f506dfb70d9c8891098f657ae9b If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...

6AI score
Exploits0References1
OSV
OSV
added 2026/05/03 12:30 p.m.9 views

MAL-2026-3245 Malicious code in system-update-tool (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4902f753d49279adae969f368b995d1ec8990f506dfb70d9c8891098f657ae9b If run as a module, the code runs code to silently control the device via Telegram bot execute commands, exfiltrate files. --- Category: MALICIOUS - The campai...

6AI score
Exploits0References1
OSV
OSV
added 2026/04/30 11:34 a.m.8 views

CLSA-2026-1777548876 spamassassin: Fix of CVE-2018-11805

CVE-2018-11805: require --reallyallowplugins for sa-update --allowplugins to mitigate plugin injection from updates...

7.2CVSS6.9AI score0.00871EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/25 7:22 a.m.7 views

CVE-2026-28525

SWUpdate contains an integer underflow vulnerability in the multipart upload parser in mongoosemultipart.c that allows unauthenticated attackers to cause a denial of service by sending a crafted HTTP POST request to /upload with a malformed multipart boundary and controlled TCP stream timing...

8.2CVSS5.9AI score0.00316EPSS
Exploits0References1
OSV
OSV
added 2026/03/31 2:16 p.m.3 views

DEBIAN-CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

5.3CVSS5.4AI score0.00141EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/31 2:16 p.m.5 views

CVE-2026-34155

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS5.8AI score0.00141EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/31 1:28 p.m.26 views

CVE-2026-34155 RAUC: Improper Signing of Plain Bundles Exceeding 2 GiB

RAUC controls the update process on embedded Linux systems. Prior to version 1.15.2, RAUC bundles using the 'plain' format exceeding a payload size of 2 GiB cause an integer overflow which results in a signature which covers only the first few bytes of the payload. Given such a bundle with a...

7.2CVSS0.00141EPSS
Exploits0References3
Snyk
Snyk
added 2026/02/19 8:27 p.m.7 views

CRLF Injection

Overview ebay-mcp is a Local MCP server for eBay APIs - provides access to eBay developer functionality through MCP Model Context Protocol Affected versions of this package are vulnerable to CRLF Injection via the updateEnvFile function of the ebaysetusertokens tool. An attacker can inject...

8.8CVSS6.7AI score0.00361EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/26 10:6 a.m.41 views

CVE-2025-59107 Static Firmware Encryption Password in dormakaba access manager

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5CVSS0.00167EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/26 10:6 a.m.5 views

CVE-2025-59107

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5CVSS5.9AI score0.00167EPSS
Exploits0References4
EUVD
EUVD
added 2026/01/26 10:6 a.m.8 views

EUVD-2025-206367

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5CVSS5.9AI score0.00167EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/26 10:6 a.m.4 views

CVE-2025-59107 Static Firmware Encryption Password in dormakaba access manager

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

8.5CVSS5.9AI score0.00167EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.8 views

Acer Updater Service code-related vulnerabilities

The Acer Updater Service is a software update tool provided by Acer, a company based in Taiwan, China. Version 1.2.3500.0 of the Acer Updater Service contains a code vulnerability. This vulnerability stems from an issue with the service path, where a service path without quotes was used, which ma...

8.5CVSS5.9AI score0.0016EPSS
Exploits0References3
Rows per page
Query Builder