Lucene search
K

1085 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/08 5:21 p.m.9 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS6AI score0.00907EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.16 views

CVE-2026-34123

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.6AI score0.00151EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/06 12:31 a.m.11 views

EUVD-2026-34933

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS5.4AI score0.00151EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/06/06 12:0 a.m.12 views

TP-Link Tapo C520WS 安全漏洞

The TP-Link Tapo C520WS is a WiFi camera produced by the TP-Link company. The TP-Link Tapo C520WS v2 has a security vulnerability. This vulnerability stems from logical flaws in the device’s API authorization mechanism. Attackers could exploit this flaw to bypass the whitelist restrictions and ma...

7CVSS5.4AI score0.00151EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/05 11:50 p.m.49 views

CVE-2026-34123 Whitelist Validation Bypass in TP-Link Tapo C520WS

On Tapo C520WS v2, restricted accounts for example, hub users are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechanism, an attacker can craft requests that leverage legitimate “method mapping” behavior to bypass...

7CVSS0.00151EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:47 p.m.9 views

CVE-2026-6355

A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration...

6.5CVSS5.5AI score0.00213EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.10 views

CVE-2026-32962

SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication...

6.9CVSS7.1AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:15 p.m.11 views

CVE-2026-20223

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00835EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.9 views

Arista EOS 安全漏洞

Arista EOS is a fully programmable, highly modular Linux-based network operating system developed by the American company Arista. There is a security vulnerability in Arista EOS, which stems from the fact that when configuring OpenConfig, a gNMI Set request that should be rejected may still be...

9.6CVSS5.3AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 12:6 p.m.39 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 12:6 p.m.8 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/02 12:6 p.m.11 views

CVE-2026-41918

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.22 views

PT-2026-45755

A vulnerability has been identified in RUGGEDCOM RST2428P 6GK6242-6PA00 All versions V4.0. The affected applications stores sensitive information in the browser cache when an authenticated user modify specific configurations. This could allow an authenticated attacker to access sensitive data...

5.9CVSS5.7AI score0.00194EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/29 5:22 p.m.13 views

Incorrect Authorization

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Authorization via the chat.send route. An attacker can perform unauthorized privileged actions by leveraging inherited external routes to bypass required scope checks, enabling...

8.8CVSS5.5AI score0.00253EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/29 10:36 a.m.11 views

CVE-2026-9809

A stored Cross-Site Scripting XSS vulnerability exists in the Projects component of Mautic 7. When displaying project tags and popovers on administrative detail views such as campaigns, emails, or forms, user-supplied project names are rendered without proper sanitization. An authenticated user...

7.6CVSS5.8AI score0.00164EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.18 contained security vulnerabilities. These vulnerabilities stemmed from a range-bypass vulnerability in the Gateway chat.send route, allowing clients with restricted ranges to...

8.8CVSS5.9AI score0.00253EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.19 views

PT-2026-44972

Name of the Vulnerable Software and Affected Versions TP-Link TL-SG108PE v5 affected versions not specified Description A stored cross-site scripting XSS issue exists in the web management interface. This occurs because the SYSNAM configuration parameter is not properly sanitized during the...

5.3CVSS5.7AI score0.00239EPSS
Exploits0References6
Cisco
Cisco
added 2026/05/20 4:0 p.m.11 views

Cisco Secure Workload Unauthorized API Access Vulnerability

A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote attacker to access site resources with the privileges of the Site Admin role. This vulnerability is due to insufficient validation and authentication when accessing REST...

10CVSS5.8AI score0.00835EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/19 7:45 a.m.12 views

EUVD-2026-30851

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...

6.3CVSS5.8AI score0.00252EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 7:45 a.m.29 views

CVE-2026-44408

Summary: CVE-2026-44408 affects the ZTE MU5250 due to improper permission control in the Web interface, enabling an unauthorized attacker to modify configuration via the web UI. The CVSS 3.1 vector is AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H with a base score of 6.3 (Medium) . Exploitation status is n...

6.3CVSS5.8AI score0.00252EPSS
Exploits0References1
Rows per page
Query Builder