Lucene search
K

632 matches found

Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.9 views

PT-2026-35277

Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leakage of administrator credentials. When the utility sends privileged commands to devices over UDP...

9.3CVSS5.4AI score0.00186EPSS
Exploits0References14
NVD
NVD
added 2026/04/24 4:16 p.m.4 views

CVE-2026-30368

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...

5.4CVSS0.00346EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/24 12:0 a.m.33 views

CVE-2026-30368

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...

5.4CVSS0.00346EPSS
Exploits1References2
CVE
CVE
added 2026/04/24 12:0 a.m.10 views

CVE-2026-30368

CVE-2026-30368 concerns Lightspeed Classroom (v5.1.2.1763770643). A client‑side authorization flaw allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client‑generated authorization tokens, enabling unauthorized control and monitoring of student devices...

5.4CVSS5.2AI score0.00346EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

SenseLive X3050 访问控制错误漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability, which stems from the lack of authentication or authorization in the embedded management services. This...

9.8CVSS5.8AI score0.00546EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/04/22 12:0 a.m.4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013741)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013741 advisory. In the Linux kernel, the following vulnerability has been resolved: nbd: fix incomplete validation of ioctl arg We tested and found an alarm caused by nbdioctl arg...

5.5CVSS6.3AI score0.00136EPSS
Exploits0References4
ICS
ICS
added 2026/04/21 6:0 a.m.12 views

SenseLive X3050

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to take complete control of the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Minimize network exposure for all...

5.7AI score
Exploits0References13
ICS
ICS
added 2026/04/16 6:0 a.m.7 views

Anviz Multiple Products

ADVISORY SUMMARY Successful exploitation of these vulnerabilities could allow attackers to conduct reconnaissance, capture or decrypt sensitive data, alter device configurations, gain unauthorized administrative or root‑level access, execute arbitrary code, compromise credentials or...

6.5AI score
Exploits0References11
EUVD
EUVD
added 2026/04/10 12:30 a.m.5 views

EUVD-2026-21203

A Use of Default Password vulnerability in the Juniper Networks Support Insights JSI Virtual Lightweight Collector vLWC allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change ...

9.8CVSS5.9AI score0.00456EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/09 12:0 a.m.22 views

CVE-2026-29923

The pstrip64.sys driver in EnTech Taiwan PowerStrip =3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures...

0.00107EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:16 p.m.3 views

CVE-2019-25651

Ubiquiti UniFi Network Controller prior to 5.10.12 excluding 5.6.42, UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, and UAP-AC Outdoor FW prior to 3.8.17, USW FW prior to 4.0.6, USG FW prior to 4.4.34 uses AES-CBC encryption for device-to-controller communication, which contains cryptographic weakness...

9CVSS5.8AI score0.0008EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/03/27 9:16 p.m.25 views

CVE-2019-25651

CVE-2019-25651 concerns Ubiquiti UniFi devices where AES-CBC encryption used for device-to-controller communication contains cryptographic weaknesses. Affected: UniFi Network Controller prior to 5.10.12 (except 5.6.42), UAP FW prior to 4.0.6, UAP-AC, UAP-AC v2, UAP-AC Outdoor FW prior to 3.8.17, ...

9CVSS5.8AI score0.0008EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:5 p.m.4 views

CVE-2025-15607

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...

7.3CVSS6.2AI score0.01953EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/20 6:31 p.m.3 views

EUVD-2025-208905

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...

7.3CVSS6.2AI score0.01953EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/20 6:31 p.m.6 views

EUVD-2025-208907

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...

7.7CVSS6.9AI score0.00528EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 4:31 p.m.2 views

CVE-2025-15608

This vulnerability in AX53 v1 results from insufficient input sanitization in the device’s probe handling logic, where unvalidated parameters can trigger a stack-based buffer overflow that causes the affected service to crash and, under specific conditions, may enable remote code execution throug...

7.7CVSS6.9AI score0.00528EPSS
Exploits0References3
CVE
CVE
added 2026/03/20 4:31 p.m.13 views

CVE-2025-15607

The CVE-2025-15607 issue affects TP-Link Archer AX53 v1 in the mscd (debug) component. The root cause is insufficient input handling in the mscd debug functionality, enabling command injection where log redirection to arbitrary files and concatenation of unvalidated file content into shell comman...

9.8CVSS6.2AI score0.01953EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/20 4:31 p.m.23 views

CVE-2025-15607 Authenticated Command Injection in mcsd Service of TP-Link Archer AX53

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...

7.3CVSS0.01953EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/20 12:0 a.m.4 views

PT-2026-26630

A command injection vulnerability on AX53 v1 occurs in mscd debug functionality due to insufficient input handling, allowing log redirection to arbitrary files and concatenation of unvalidated file content into shell commands, enabling authenticated attackers to inject and execute arbitrary...

7.3CVSS6.2AI score0.01953EPSS
Exploits0References6
EUVD
EUVD
added 2026/03/10 9:30 p.m.4 views

EUVD-2026-10905

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References2
Rows per page
Query Builder