PT-2026-40705
U-SPEED AC1200 Gigabit Wi-Fi Router Model: T18-21K V1.0 is vulnerable to Incorrect Access Control. The device exposes a UART interface that lacks authentication, authorization, or access control mechanisms. An attacker with physical access to the UART pins can connect to the interface and gain...
EUVD-2024-43158
Malicious code in bioql PyPI...
EUVD-2021-9514
Malicious code in bioql PyPI...
CVE-2025-57432
Blackmagic Web Presenter version 3.3 exposes a Telnet service on port 9977 that accepts unauthenticated commands. This service allows remote attackers to manipulate stream settings, including changing video modes and possibly altering device functionality. No credentials or authentication...
CVE-2024-48974
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...
CVE-2024-48974 Life2000 Ventilator does not perform proper file integrity checks when adopting firmware updates
The ventilator does not perform proper file integrity checks when adopting firmware updates. This makes it possible for an attacker to force unauthorized changes to the device's configuration settings and/or compromise device functionality by pushing a compromised/illegitimate firmware file. This...
CVE-2024-37037
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ‘Path Traversal’ vulnerability exists that could allow an authenticated user with access to the device’s web interface to corrupt files and impact device functionality when sending a crafted HTTP request...
CVE-2023-52477 usb: hub: Guard against accesses to uninitialized BOS descriptors
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors. Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and initialized. If...
CVE-2023-40460
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
CVE-2023-40460
CVE-2023-40460 affects the ACEManager component of ALEOS 4.16 and earlier. The vulnerability arises because ACEManager does not validate uploaded file names and types, which could allow an authenticated user to execute client-side scripts within ACEManager and alter device functionality until a ...
CVE-2023-40460 Improper input leads to DoS
The ACEManager component of ALEOS 4.16 and earlier does not validate uploaded file names and types, which could potentially allow an authenticated user to perform client-side script execution within ACEManager, altering the device functionality until the device is restarted...
PT-2023-19642 · Milesight · Milesight VPN
Name of the Vulnerable Software and Affected Versions: Milesight VPN version 2.0.2 Description: Cross-site scripting (XSS) vulnerabilities exist in the requestHandlers.js detail device functionality. A specially-crafted HTTP request can lead to arbitrary JavaScript code injection. An attacker can...
CVE-2022-47189
Generex UPS CS141 below version 2.06 allows an attacker to upload a firmware file containing an incorrect configuration, in order to disrupt the normal functionality of the device...
PT-2023-15229 · Generex · Generex UPS CS141
Name of the Vulnerable Software and Affected Versions: Generex UPS CS141 versions prior to 2.06 Description: The issue allows an attacker to upload a firmware file containing an incorrect configuration, disrupting the normal functionality of the device. Recommendations: For versions prior to 2.06...
Authentication flaw
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...
CVE-2022-36385
CVE-2022-36385 affects Contec Health CMS8000 family (CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor). The vulnerability arises from improper access controls that permit a threat actor with momentary physical access to insert a USB drive and perform a malicious firmware update, causing permane...
Design/Logic Flaw
A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality...
Default credentials
An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. A user logged in using the default credentials can gain root access to the device, which provides permissions for all of t...