CVE-2026-50226

CVE-2026-50226 affects the AcerConnect OTA application. The issue arises from fixed AES-128-CBC keys inside the app, allowing attackers to forge authorization credentials for arbitrary IMEI numbers. This enables unauthorized actors to list catalog items and extract protected binaries from pre-sig...

Description of the security update for Project 2016: December 10, 2024 (KB5002652)

Description of the security update for Project 2016: December 10, 2024 KB5002652 Summary This security update for Microsoft Office provides defense-in-depth update to help improve security-related features. To learn more about the update, see Microsoft advisory ADV240002. Note: To apply this...

Privilege escalation

A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...

NetComm NWL-25 Device Directory Disclosure Vulnerability

The NetComm NWL-25 is a 4G LTE industrial grade M2M router. A device catalog disclosure vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by an attacker to obtain the device's catalog...