Lucene search
K

698 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-33390

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS6AI score0.0021EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 8:16 p.m.6 views

CVE-2026-11405

The web server binary /bin/httpd contains a hidden backdoor authentication mechanism in the login function at 004c88b8. - The function contains a normal authentication path using MD5/hash-based password verification prodencode64/PasswordToMd5/checkrandkey. - After normal authentication fails, it...

9.8CVSS0.00668EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55969

Name of the Vulnerable Software and Affected Versions Tenda firmware versions US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware versions US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware versions US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware versions US AC5V1.0RTL V15.03.06.48...

9.8CVSS7.2AI score0.00668EPSS
Exploits1References44
EUVD
EUVD
added 2026/06/25 3:2 p.m.5 views

EUVD-2026-39433

CWE-476 NULL Pointer Dereference vulnerability exists that could cause a denial-of-service condition, rendering the device’s HMI and configuration functionality unavailable when malformed requests are received over exposed network interfaces...

8.7CVSS5.8AI score0.00263EPSS
Exploits0References1
NVD
NVD
added 2026/06/22 10:16 a.m.14 views

CVE-2025-4994

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS0.00207EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/22 8:10 a.m.5 views

CVE-2025-4994

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS5.9AI score0.00207EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/22 8:10 a.m.21 views

CVE-2025-4994

CVE-2025-4994 affects SafeLine SL6 and SL6+ devices used in elevator emergency intercoms. A BLE-facing authentication bypass allows an attacker within wireless range to obtain unauthorized administrative access to the device configuration. Documented impact includes high affects on confidentialit...

8.7CVSS5.9AI score0.00207EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/22 8:10 a.m.41 views

CVE-2025-4994 Authentication Bypass for SafeLine SL6 and SL6+

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS0.00207EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/22 8:10 a.m.9 views

EUVD-2025-210297

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS5.9AI score0.00207EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/22 12:0 a.m.14 views

PT-2026-51287

Name of the Vulnerable Software and Affected Versions SafeLine SL6 affected versions not specified SafeLine SL6+ affected versions not specified Description SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems contain an authentication bypass. This issue allows...

8.7CVSS6.1AI score0.00207EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/06/06 12:43 a.m.12 views

CVE-2026-20245

A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vBond, could allow an authenticated, local attacker to execute arbitrary commands as root by supplyi...

7.8CVSS6.3AI score0.25323EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:42 p.m.15 views

CVE-2025-59601

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

6.5CVSS5.4AI score0.00107EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.10 views

CVE-2026-7824

An issue was discovered in the PaperCut Hive Ricoh embedded application. When the "Deep Logging" diagnostic mode is enabled, the application inadvertently records administrative credentials in plain text within the log files. An attacker with administrative access to the PaperCut Hive management...

5.9CVSS5.5AI score0.00242EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.11 views

CVE-2026-23819

A vulnerability in the web-based management interface of Access Points running AOS-10 and AOS-8 Instant could allow an unauthenticated remote attacker to execute arbitrary JavaScript code in a victim's browser within the same local network. Successful exploitation could allow an attacker to...

8.8CVSS6AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.10 views

EUVD-2025-210018

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

6.5CVSS5.8AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 11:16 p.m.16 views

CVE-2025-59601

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

6.5CVSS0.00107EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 10:5 p.m.33 views

CVE-2025-59601 Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

6.5CVSS0.00107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 10:5 p.m.14 views

CVE-2025-59601 Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

6.5CVSS5.8AI score0.00107EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 10:5 p.m.21 views

CVE-2025-59601

CVE-2025-59601 concerns devices with a Powerline interface where resetting to factory default exposes device configuration. The vulnerability enables Information Disclosure via the reset path, with an Adjacent attack vector, Low attack complexity, and no privileges required, resulting in High Con...

6.5CVSS5.8AI score0.00107EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder