426 matches found
User Impersonation
Overview Affected versions of this package are vulnerable to User Impersonation due to improper validation of JWT aud and iss claims in the Windows MDM authentication flow. An attacker can enroll unauthorized devices by presenting a valid Microsoft-signed Azure AD token from any tenant. This is...
Exposure of Data Element to Wrong Session
Overview Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...
CVE-2026-34391
Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...
CVE-2026-34391 Fleet Vulnerable to Windows MDM cross-device command disclosure
Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets...
CVE-2026-24288
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack...
EUVD-2026-10608
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack...
EUVD-2026-10609
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack...
CVE-2026-24288
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack...
CVE-2026-24288
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack...
CVE-2026-24288
CVE-2026-24288 is a Windows vulnerability affecting the Windows Mobile Broadband Driver, described as a heap-based buffer overflow that enables code execution. The issue is tied to Windows Mobile Broadband Driver and is fixed by Microsoft updates; the advisory set lists the vulnerability as addre...
Windows Mobile Broadband Driver Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Mobile Broadband allows an unauthorized attacker to execute code with a physical attack...
PT-2026-24282
Interested in USB Airgap? Soon a detail description of CVE-2026-24288. This vulnerability in the Windows Mobile Broadband driver could allow an attacker to execute code. Ability to send unsolicited events from the USB device to the host is the entry point. Stay tuned! 😉...
SUSE CVE-2026-22808
fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...
GO-2026-4336 Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability in github.com/fleetdm/fleet
Fleet Windows MDM endpoint has a Cross-site Scripting vulnerability in github.com/fleetdm/fleet...
CVE-2026-23518
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...
CVE-2026-23518 Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not...
CVE-2026-22808
fleetdm/fleet is open source device management software. Prior to versions 4.78.2, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, if Windows MDM is enabled, an unauthenticated attacker can exploit this XSS vulnerability to steal a Fleet administrator's authentication token FLEET::authtoken from localStorage...
GHSA-63M5-974W-448V Fleet has a JWT signature bypass vulnerability in Azure AD MDM enrollment
Summary A vulnerability in Fleet’s Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized...
EUVD-2020-2324
Malware in sbrugna...
EUVD-2020-12281
Malware in sbrugna...