351 matches found
CVE-2026-32999
CVE-2026-32999 affects Comet Backup server; the issue is insufficient character filtering in the backup agent signing module. This vulnerability allows an authenticated tenant administrator to execute arbitrary code on behalf of a privileged user on the affected server and connected devices. The ...
PT-2026-44177
Name of the Vulnerable Software and Affected Versions: Comet Backup versions prior to 26.4.3; Comet Backup versions prior to 26.5.0. Description: Insufficient character filtering in the backup agent signing module allows an authenticated tenant administrator with branding permissions to execute...
CVE-2026-36539
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skkget.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...
EUVD-2026-30056
A command injection vulnerability was discovered in TeamViewer DEX Platform On-Premises (former 1E DEX Platform On-Premises) prior to version 9.2. Improper input validation allows authenticated users with at least questioner privileges to inject commands in specific instructions. Exploitation could...
CVE-2026-24292
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
EUVD-2026-10616
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
EUVD-2026-10617
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
CVE-2026-24292 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
...
CVE-2026-24292
CVE-2026-24292 is a Windows vulnerability in the Connected Devices Platform Service (Cdpsvc), described as a use-after-free that enables local privilege escalation in an authenticated scenario requiring no user interaction. Connected documents corroborate the issue with Cdpsvc and list the CVE-2026-24292...
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
PT-2026-24286
Use after free in Connected Devices Platform Service (Cdpsvc) allows an authorized attacker to elevate privileges locally...
CVE-2025-1242
The administrative credentials can be extracted through application API responses, mobile application reverse engineering, and device firmware reverse engineering. The exposure may result in an attacker gaining full administrative access to the Gardyn IoT Hub exposing connected devices to malicio...
SUSE CVE-2026-23173
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...
UBUNTU-CVE-2026-23173
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, delete flows only for existing peers When deleting TC steering flows, iterate only over actual devcom peers instead of assuming all possible ports exist. This avoids touching non-existent peers and ensures cleanup ...
CVE-2026-21234
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally...