Lucene search
K

71 matches found

NVD
NVD
added 5 days ago7 views

CVE-2026-38059

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
NVD
NVD
added 2026/07/06 7:16 p.m.7 views

CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS0.00271EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/07/06 6:0 p.m.33 views

CVE-2026-13753 CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

0.00271EPSS
Exploits1References1
EUVD
EUVD
added 2026/07/06 6:0 p.m.5 views

EUVD-2026-41895

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

7.5CVSS6AI score0.00271EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/07/06 6:0 p.m.15 views

CVE-2026-13753 CVE-2026-13753

A missing authorization vulnerability exists in the embedded webserver of HP Deskjet 2800 Series Printers running firmware version =TBP1CN2612AR. An unauthenticated attacker with network access can send GET requests to multiple exposed administrative API endpoints and retrieve sensitive...

6AI score0.00271EPSS
Exploits1References1
CVE
CVE
added 2026/07/06 6:0 p.m.50 views

CVE-2026-13753

HP Deskjet 2800 Series printers (firmware

7.5CVSS6AI score0.00271EPSS
Exploits1References2
OSV
OSV
added 2026/07/02 4:43 p.m.14 views

GHSA-QJPC-QF9M-XWMR OpenClaw: Trusted-proxy Control UI WebSocket accepted client-declared scopes before pairing

Summary In trusted-proxy Control UI mode, OpenClaw accepted a WebSocket client's declared operator scopes before those scopes were bound to a server-approved pairing or trusted-proxy authorization baseline. This issue affects trusted-proxy Control UI deployments. It does not apply to shared-secre...

8.8CVSS5.8AI score0.00289EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.10 views

CVE-2026-9219

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS0.00203EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/06 6:43 p.m.17 views

CVE-2026-11341

A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEIvalue causes os command injection. The attack can be initiated remotely. The exploit has been published and may be used...

6.5CVSS5.3AI score0.01044EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:28 p.m.11 views

CVE-2026-4377

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.5AI score0.00141EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:22 p.m.8 views

CVE-2026-7821

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of...

9.1CVSS5.5AI score0.00509EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.12 views

Acer M6E 安全漏洞

The Acer M6E is a portable 5G mobile hotspot device from Acer, a company based in Taiwan, China. The Acer M6E has a security vulnerability. This vulnerability stems from the AES-128-CBC key that is fixed in the AcerConnect OTA application. It may allow attackers to forge authorization credentials...

6.9CVSS5.4AI score0.00187EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.19 views

PT-2026-46178

Name of the Vulnerable Software and Affected Versions AcerConnect OTA affected versions not specified Description The use of fixed AES-128-CBC keys within the application allows attackers to forge authorization credentials for any IMEI number. This enables unauthorized actors to list catalog item...

6.9CVSS5.4AI score0.00187EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/28 12:30 p.m.17 views

EUVD-2026-32860

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3
CVE
CVE
added 2026/05/28 9:2 a.m.28 views

CVE-2026-4377

The CVE refers to the D-Link DWR-X1820 router, where a weak default password is generated from the IMEI and does not require change by the user. This vulnerability can allow an attacker who knows the password-generation method to crack the default password given the device IMEI. A fix is availabl...

6CVSS5.8AI score0.00141EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44226

Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the default password if they have the device IMEI number. This issue was fixed in version 1.00B16CP...

6CVSS5.8AI score0.00141EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Thunderbird

The Matrix JavaScript SDK is the Matrix Client-Server software development kit SDK for JavaScript. Prior to version 19.7.0, an attacker who cooperated with a malicious home server could interfere with the verification process between two users, substituting their own cross-signed user identity wi...

8.6CVSS6.8AI score0.00942EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.9 views

Ivanti Endpoint Manager Mobile < 12.6.1.1 / 12.7 < 12.7.0.1 / 12.8 < 12.8.0.1 (May 2026)

The version of Ivanti Endpoint Manager Mobile, formerly MobileIron Core, running on the remote host is before 12.6.1.1, 12.7.x before 12.7.0.1, or 12.8.x before 12.8.0.1, and is therefore affected by multiple vulnerabilities. - An Improper Access Control vulnerability allows a remote authenticate...

9.8CVSS6.5AI score0.34454EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/07 6:30 p.m.13 views

EUVD-2026-28397

Improper certificate validation in Ivanti EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1 allows a remote unauthenticated attacker to enroll a device belonging to a restricted set of unenrolled devices, leading to information disclosure about EPMM appliance and impacting on the integrity of...

9.1CVSS5.8AI score0.00509EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 3:26 p.m.38 views

CVE-2026-7821

Ivanti Endpoint Manager Mobile (EPMM) is affected by CVE-2026-7821 due to improper certificate validation. The vulnerability allows a remote unauthenticated attacker to enroll a device from a restricted set of unenrolled devices, causing information disclosure about the EPMM appliance and impacti...

9.1CVSS5.8AI score0.00509EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder