Lucene search
K

155 matches found

NVD
NVD
added 3 days ago9 views

CVE-2026-21056

Improper authorization in Samsung Health prior to version 7.00.0.107 allows local attackers to access connected device information...

4.8CVSS0.00099EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added last week6 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55338

Name of the Vulnerable Software and Affected Versions Gardyn Home Kit and Studio devices affected versions not specified Gardyn IoT Hub affected versions not specified Description Gardyn devices and the associated IoT Hub cloud service expose a hardcoded privileged iothubowner key. An...

10CVSS6.3AI score0.00559EPSS
Exploits2References18
Cvelist
Cvelist
added 2026/06/25 8:38 a.m.31 views

CVE-2026-53158 misc: fastrpc: Fix NULL pointer dereference in rpmsg callback

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix NULL pointer dereference in rpmsg callback A NULL pointer dereference was observed on Hawi at boot when the DSP sends a glink message before fastrpcrpmsgprobe has completed initialization: Unable to handle kern...

0.00122EPSS
Exploits0References8
CVE
CVE
added 2026/06/25 8:38 a.m.13 views

CVE-2026-53158

The CVE-2026-53158 issue affects the Linux kernel misc: fastrpc subsystem, where a NULL pointer dereference could occur in rpmsg callback if fastrpc_rpmsg_probe() hasn’t completed or if the callback fires before dev_set_drvdata(). The fault trace points to a NULL cctx in fastrpc_channel_ctx when ...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References8Affected Software1
EUVD
EUVD
added 2026/06/17 6:35 p.m.11 views

EUVD-2026-37646

Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...

7.2CVSS5.3AI score0.00151EPSS
Exploits0References3
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/06/12 8:54 p.m.14 views

Malicious code in beamz (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c380f1f0fc3c5cf723cd7d92bf41c30f622aafaa633a32f0a78bf91a3a769d2a The package advertises itself as a credential-transfer CLI but implements transfer by reading the user's Anthropic Claude Code credentials...

5.5AI score
Exploits0References6
Malwarebytes
Malwarebytes
added 2026/06/12 2:3 p.m.14 views

Stolen iPhones could soon be worth a lot less to thieves

The UK’s Metropolitan Police has reached an agreement with Apple designed to make stolen iPhones harder to resell and less attractive to thieves. The approach combines stronger technical protections with direct data sharing between Apple and law enforcement. In 2023, about 1.4 million mobile phon...

5.4AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:35 p.m.12 views

CVE-2026-49192

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS5.5AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 5:43 a.m.28 views

CVE-2026-49192

Technical details for CVE-2026-49192 are not publicly available in the provided documents. Monitor for updates on affected products, exposed data, and remediation.

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/04 5:43 a.m.45 views

CVE-2026-49192 Summary Service Insecure Direct Object Reference

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.3CVSS0.00138EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.20 views

PT-2026-46150

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.3CVSS5.8AI score0.00138EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.7 views

Dräger多款产品 安全漏洞

Dräger Infinity Delta, among others, are products of the German company Dräger. The Dräger Infinity Delta is a multi-parameter clinical monitor. The Dräger Infinity Kappa is a multi-parameter patient monitor. The Dräger Infinity Delta XL is a high-performance multi-parameter patient monitor...

5.3CVSS5.5AI score0.00203EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Range checks for the CHDBOFF and ERDBOFF registers. If the values read from the CHDBOFF and ERDBOFF registers are outside the range of the MHI register space, an invalid address may be calculated, which can later...

5.5CVSS5.7AI score0.00137EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 10:16 p.m.20 views

CVE-2026-44424

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...

6.5CVSS0.00246EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 9:6 p.m.33 views

CVE-2026-44424 ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...

6.5CVSS0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/13 9:6 p.m.7 views

CVE-2026-44424 ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace tenant. Any authenticated user JWT or API Key who knows or can guess a device UID...

6.5CVSS5.8AI score0.00246EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

ShellHub 安全漏洞

ShellHub is an open-source remote device access and management platform developed by ShellHub. Versions of ShellHub prior to 0.24.2 contained security vulnerabilities. These vulnerabilities stemmed from the GET /api/devices/:uid request, which returned the complete device object for any...

6.5CVSS5.9AI score0.00246EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/12 8:59 p.m.8 views

CVE-2026-33570 Subnet Solutions PowerSYSTEM Center Incorrect Authorization

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

6.9CVSS5.8AI score0.00161EPSS
Exploits0References2
Rows per page
Query Builder