Lucene search
+L

6 matches found

NVD
NVD
•added 2026/06/12 4:16 p.m.•28 views

CVE-2026-50084

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6CVSS0.00244EPSS
Exploits1References2
Cvelist
Cvelist
•added 2026/06/12 3:1 p.m.•31 views

CVE-2026-50084 Aqara API cross-account access

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6CVSS0.00244EPSS
Exploits1References2
EUVD
EUVD
•added 2026/06/12 3:0 p.m.•11 views

EUVD-2026-36472

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5CVSS5.4AI score0.00266EPSS
Exploits1References2
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•16 views

PT-2026-48906

🚨 CVE-2026-50082 The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5...

9.8CVSS6.2AI score0.00412EPSS
Exploits2References5
Positive Technologies
Positive Technologies
•added 2026/06/12 12:0 a.m.•47 views

PT-2026-48908

The Aqara Cloud Production API open-cn.aqara.com/v3.0/open/api would authorize any valid developer token for access to any account. This is an instance of "CWE-862: Missing Authorization" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N 9.6 Critical. When combined with...

9.6CVSS5.3AI score0.00244EPSS
Exploits1References4
Positive Technologies
Positive Technologies
•added 2025/10/23 12:0 a.m.•10 views

PT-2025-43541

Name of the Vulnerable Software and Affected Versions Oxford Nanopore Technologies MinKNOW versions prior to 24.11 Description The MinKNOW software stores authentication tokens in a world-readable file within the system's temporary directory /tmp on the host machine. If a token is compromised, an...

7.8CVSS6.9AI score0.00155EPSS
Exploits0References8
Rows per page
Query Builder