150 matches found

Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32695

CVE-2026-4832 CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able… https://t.co/N2CPBzZjrp...

CVSS 6.9 | AI score 5.8 | EPSS 0.0027
Exploits 0 | References 4

Snyk
added 2026/03/27 8:22 p.m. | 5 views

Exposure of Data Element to Wrong Session

Overview: Affected versions of this package are vulnerable to Exposure of Data Element to Wrong Session in the MDM command processing while handling SyncML status code. An attacker can obtain sensitive configuration data belonging to other devices such as WiFi credentials, VPN secrets, and...

CVSS 8.7 | AI score 5.9 | EPSS 0.00161
Exploits 0 | References 2

CVE
added 2026/03/27 11:46 a.m. | 7 views

CVE-2026-4309

CVE-2026-4309 concerns NEC Platforms, Ltd. Aterm Series devices with a Missing Authorization vulnerability. The available documents state that an attacker can retrieve specific device information and alter settings over the network. The CVSS metrics indicate a Network attack vector, high attack c...

CVSS 6.5 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 1 | Affected Software 1

ATTACKERKB
added 2026/03/27 11:46 a.m. | 2 views

CVE-2026-4309

Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows an attacker to get specific device information and change the settings via network...

CVSS 6.3 | AI score 5.9 | EPSS 0.00142
Exploits 0 | References 2

RedhatCVE
added 2026/03/26 5:0 p.m. | 2 views

CVE-2026-20115

A vulnerability in Cisco IOS XE Software for Cisco Meraki could allow a remote, unauthenticated attacker to view confidential device information. This vulnerability is due to a device configuration upload being performed over an insecure tunnel. An attacker could exploit this vulnerability by...

CVSS 6.1 | AI score 5.8 | EPSS 0.00152
Exploits 0 | References 1

ATTACKERKB
added 2026/03/23 6:2 p.m. | 2 views

CVE-2025-15605

A hardcoded cryptographic key within the configuration mechanism on TP-Link Archer NX200, NX210, NX500 and NX600 enables decryption and re-encryption of device configuration data. An authenticated attacker may decrypt configuration files, modify them, and re-encrypt them, affecting the...

CVSS 8.5 | AI score 5.8 | EPSS 0.00133
Exploits 0 | References 6

NVD
added 2026/03/10 6:17 p.m. | 5 views

CVE-2025-41712

An unauthenticated remote attacker who tricks a user into uploading a manipulated HTML file can get access to sensitive information on the device. This is a result of incorrect permission assignment for the web server...

CVSS 6.5 | EPSS 0.00388
Exploits 0 | References 4

CNNVD
added 2026/03/10 12:0 a.m. | 3 views

Janitza UMG 96RM-E 24V and Janitza UMG 96RM-E 230V Security Vulnerability

Both Janitza UMG 96RM-E 24V and Janitza UMG 96RM-E 230V are multi-functional power quality analyzers from the German company Janitza. There are security vulnerabilities associated with these devices. These vulnerabilities stem from improper assignment of permissions to web servers, which may allo...

CVSS 6.5 | AI score 5.8 | EPSS 0.00388
Exploits 0 | References 5

SUSE CVE
added 2026/03/05 6:51 a.m. | 3 views

SUSE CVE-2026-23237

In the Linux kernel, the following vulnerability has been resolved: platform/x86: classmate-laptop: Add missing NULL pointer checks. In a few places in the Classmate laptop driver, code using the accel object may run before that object's address is stored in the driver data of the input device usi...

CVSS 5.5 | AI score 5.7 | EPSS 0.00193
Exploits 0 | References 16

Cvelist
added 2026/02/24 6:41 p.m. | 21 views

CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token (X-User-Token) with insufficient expiration. An attacker who obtains a valid token (for example via interception, log exposure, or token reuse on a shared system) can continue to...

CVSS 8.7 | EPSS 0.00716
Exploits 3 | References 3

ATTACKERKB
added 2026/02/20 5:21 p.m. | 6 views

CVE-2026-2832

Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization...

CVSS 5.3 | AI score 5.4 | EPSS 0.00155
Exploits 0 | References 2

CNNVD
added 2026/02/11 12:0 a.m. | 4 views

ZBT WE2001 Security Vulnerability

ZBT WE2001 is a wireless router produced by ZBT Technology Co., Ltd. Version 23.09.27 of ZBT WE2001 contains a security vulnerability. This vulnerability stems from a lack of session verification in the Web API component, which may allow unauthenticated remote attackers to obtain device...

CVSS 6.5 | AI score 5.8 | EPSS 0.00324
Exploits 0 | References 2

Cvelist
added 2026/02/03 10:59 p.m. | 29 views

CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

CVSS 9.3 | EPSS 0.00474
Exploits 0 | References 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 5 views

Azure Linux 3.0 Security Update: kernel (CVE-2025-38283)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-38283 advisory. - In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: bugfix live migration...

CVSS 5.5 | AI score 5.3 | EPSS 0.00155
Exploits 0 | References 2

RedhatCVE
added 2026/01/15 10:32 p.m. | 3 views

CVE-2025-13454

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information...

CVSS 6.8 | AI score 6.6 | EPSS 0.00092
Exploits 0 | References 1

CVE
added 2026/01/14 10:18 p.m. | 9 views

CVE-2025-13454

CVE-2025-13454 concerns Lenovo ThinkPlus configuration software. Connected sources identify a local authenticated user potentially gaining access to sensitive device information. The available documents list affected software as ThinkPlus configuration software, but do not specify exact versions ...

CVSS 6.8 | AI score 6.2 | EPSS 0.00092
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2026/01/14 10:18 p.m. | 22 views

CVE-2025-13454

A potential vulnerability was reported in ThinkPlus configuration software that could allow a local authenticated user to gain access to sensitive device information...

CVSS 6.8 | EPSS 0.00092
Exploits 0 | References 1

EUVD
added 2025/12/24 3:30 p.m. | 4 views

EUVD-2022-55775

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921e: fix rmmod crash in driver reload test. In insmod/rmmod stress test, the following crash dump shows up immediately. The problem is caused by missing mt76_dev in mt7921_pci_remove. We should make sure the drvdata i...

AI score 5.8 | EPSS 0.00203
Exploits 0 | References 4

CNNVD
added 2025/12/24 12:0 a.m. | 4 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from missing device data during driver removal, which could result in a null pointer dereference...

AI score 6.1 | EPSS 0.00203
Exploits 0 | References 4

CVE
added 2025/12/22 12:0 a.m. | 18 views

CVE-2025-65856

The CVE-2025-65856 entry concerns Xiongmai XM530 IP cameras running firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The vulnerability is an authentication bypass in the ONVIF implementation that fails to enforce authentication on 31 endpoints, allowing unauthenticated remote access to sen...

CVSS 9.8 | AI score 9.4 | EPSS 0.00849
Exploits 4 | References 3 | Affected Software 1