752 matches found
CVE-2026-49322 Indian Scout Bobber 2025 Infotainment-to-WCM weak authentication allows recovery of user PIN from observed exchange
Weak authentication in the Wireless Control Module WCM of the Indian Motorcycle Scout Bobber + Tech 2025 model year allows an adjacent-network attacker with read access to the in-vehicle network to recover the user-set unlock PIN by passively observing a single PIN authentication exchange. The...
Indian Motorcycle Scout Bobber + Tech 安全漏洞
The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability caused by weak authentication in the Wireless Control Module. This vulnerability could allow neighboring networ...
Indian Motorcycle Scout Bobber + Tech 安全漏洞
The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability caused by weak authentication between the Wireless Control Module and the Engine Control Module. This...
CODESYS Visualization 安全漏洞
CODESYS Visualization is a functional module developed by the German company CODESYS. It transforms the operation status of programs into a visual interface. There is a security vulnerability in CODESYS Visualization, which stems from insufficient authentication data isolation. This vulnerability...
Weak Authentication
Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Weak Authentication in the uploadRecordedVideo.json.php process. An attacker can gain unauthorized access to any user account, including administrative accounts, b...
Security Updates for Microsoft Dynamics 365 Business Central (May 2026) (CVE-2026-40417)
The Microsoft Dynamics 365 Business Central install is missing a security update. It is, therefore, affected by an elevation of privilege vulnerability: - Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally. CVE-2026-40417 Note that Nessus...
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...
When configuration becomes a vulnerability: Exploitable misconfigurations in AI apps
In this article 1. Background 2. What is an exploitable misconfiguration? 3. Exploitable misconfigurations in popular AI applications 4. Minimizing the risk: Practical deployment guidance 5. How Microsoft Defender for Cloud helps detect exposures in Kubernetes 6. Learn more AI and agentic...
PT-2026-40956
HCL AION is affected by a vulnerability where adequate protections against brute-force attempts are not enforced. This may allow repeated authentication attempts, potentially leading to unauthorized access or account compromise under certain conditions...
CVE-2026-40417
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...
EUVD-2026-29674
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...
CVE-2026-40417
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...
CVE-2026-40417
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...
Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability
Weak authentication in Dynamics Business Central allows an authorized attacker to elevate privileges locally...
PT-2026-40227
Name of the Vulnerable Software and Affected Versions Microsoft Dynamics 365 Business Central affected versions not specified Description Weak authentication procedures allow an authorized attacker to elevate privileges locally. Recommendations At the moment, there is no information about a newer...
CVE-2026-7413
A hidden, persistent backdoor was found in Yarbo firmware v2.3.9 that provides remote, unauthenticated or weakly authenticated access to privileged functionality. The backdoor is undocumented, cannot be disabled via user-facing settings, and survives factory reset and ordinary firmware updates...
Yarbo 安全漏洞
Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a security vulnerability. This vulnerability stems from a hidden persistent backdoor, which may allow unauthorized, remote access with weak authentication to...
GeoVision GV-IP Device Utility 安全漏洞
The GeoVision GV-IP Device Utility is a network configuration tool developed by the Chinese company GeoVision, designed for discovering and managing IP monitoring devices. Version 9.0.5 of the GeoVision GV-IP Device Utility contains a security vulnerability. This vulnerability stems from...
Operation-West-Wild-2.0
Operation West Wild 2.0 – Penetration Testing Report 📌 Ove...
Yadea T5 Electric Bicycle
RISK EVALUATION Successful exploitation of this vulnerability could result in an attacker being able to unlock and start the bicycle, leading to vehicle theft. 2. RECOMMENDED PRACTICES CISA provides a section for control systems security recommended practices on the ICS webpage on cisa.gov/ics...