U-SPEED AC1200 安全漏洞

The U-SPEED AC1200 is a Gigabit dual-band Wi-Fi router produced by the U-SPEED company. The U-SPEED AC1200 Gigabit Wi-Fi Router T18-21K V1.0 version has a security vulnerability. This vulnerability stems from improper access control; the UART interface exposed by the device lacks an authenticatio...

CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration

Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...

CVE-2025-6693

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693 RT-Thread device.c sys_device_write memory corruption

A vulnerability, which was classified as critical, was found in RT-Thread up to 5.1.0. This affects the function sysdeviceopen/sysdeviceread/sysdevicecontrol/sysdeviceinit/sysdeviceclose/sysdevicewrite of the file components/drivers/core/device.c. The manipulation leads to memory corruption. It i...

CVE-2025-6693

CVE-2025-6693 affects RT-Thread up to 5.1.0. The vulnerability targets the file components/drivers/core/device.c, specifically the functions sys_device_open, sys_device_read, sys_device_control, sys_device_init, sys_device_close, and sys_device_write, causing memory corruption and enabling a loca...

Linux Distros Unpatched Vulnerability : CVE-2023-52884

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Input: cyapa - add missing input core locking to suspend/resume functions Grab input-mutex during suspend/resume functions like it is done in other input driver...

CVE-2022-49434

The CVE-2022-49434 issue is in the Linux kernel where pci_dev_lock() historically acquired the config space access lock before the device lock, risking AB/BA deadlocks with sriov_numvfs_store() that already takes the device lock first. The fix is to reverse the order in pci_dev_lock() so it acqui...

CVE-2024-56648

In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fillframeinfo syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fillframeinfo is relying on skb-maclen already, extend the check to cover this case...

The vulnerability of the SIMATIC Reader software for editing and managing projects and documents allows a perpetrator to activate additional functions of the device.

The vulnerability of the SIMATIC Reader software for editing and managing projects and documents is related to the presence of undocumented configuration commands. Exploiting this vulnerability can allow attackers to activate additional functions of the device by modifying the configuration files...

PT-2023-36057 · Git +1 · Ghostscript

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-use-after-free error, which occurs when the program attempts to access memory that has already been freed. The crash state...

TangleBot Malware Reaches Deep into Android Device Functions

An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According to Cloudmark researchers, the newly discovered mobile malware is...

Nexus Control Panel Elevation of Privilege Vulnerability

Swisslog Healthcare Nexus Panel is a medical device from Swisslog Healthcare.An elevation of privilege vulnerability exists in versions prior to Nexus Control Panel 7.2.5.7. An attacker could exploit this vulnerability to gain root access to the device, which would allow access to all device...

Authentication flaw

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing...

CVE-2018-5455

A Reliance on Cookies without Validation and Integrity Checking issue was discovered in Moxa OnCell G3100-HSPA Series version 1.4 Build 16062919 and prior. The application allows a cookie parameter to consist of only digits, allowing an attacker to perform a brute force attack bypassing...

CVE-2014-8331

Multiple cross-site request forgery CSRF vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the...

CVE-2014-8331

Multiple cross-site request forgery CSRF vulnerabilities in Huawei HiLink E3236 before E3276sTCPU-V200R002B470D13SP00C00 and E3276sWebUI-V100R007B100D03SP01C03 and E3276 before E3236sTCPU-V200R002B146D41SP00C00 and E3236sWebUI-V100R007B100D03SP01C03 allow remote attackers to hijack the...