Lucene search
K

1185 matches found

NVD
NVD
added yesterday4 views

CVE-2026-5040

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday22 views

CVE-2026-5040 Weak Password Hashing Mechanism in TP-Link Deco M5

TP-Link Deco M5 v1 uses a weak password hashing mechanism to store user credentials. An attacker who obtains the password hash through system compromise or privileged access could perform brute-force or dictionary attacks. Successful exploitation may result in disclosure of authentication...

7.1CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-5040

The CVE-2026-5040 entry applies to TP-Link Deco M5 v1. The issue stems from a weak password hashing mechanism used to store user credentials. An attacker who obtains the password hash via system compromise or privileged access could perform brute-force or dictionary attacks. Practical consequence...

7.1CVSS6.1AI score
Exploits0References3
EUVD
EUVD
added yesterday3 views

EUVD-2026-43542

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS6.9AI score0.00096EPSS
Exploits0References2
NVD
NVD
added 2 days ago5 views

CVE-2026-15683

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS0.00096EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-15683 Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability

Lorex 2K Indoor Wi-Fi Security Camera Device Management Server Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lorex 2K Indoor Wi-Fi Security Cameras. User interaction is not required to...

7.5CVSS0.00096EPSS
Exploits0References1
CVE
CVE
added 2 days ago9 views

CVE-2026-15683

Affected product/area: Lorex 2K Indoor Wi‑Fi Security Camera – Device Management Server. Vulnerability: Improper certificate validation in the device management functionality. The flaw stems from lack of proper validation of the server’s certificate, enabling network‑adjacent attackers to execute...

7.5CVSS6.9AI score0.00096EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago101 views

YeaLink DM 3.6.0.20 - Remote Command Injection

Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication. id: CVE-2021-27561 info: name: YeaLink DM 3.6.0.20 - Remote Command Injection author: shifacyclewala,hackergautam severity: critical description: Yealink...

10CVSS7.1AI score0.82516EPSS
Exploits0References5
NVD
NVD
added 2026/07/01 7:16 p.m.7 views

CVE-2026-41121

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access 'Link Following’ vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.8CVSS0.00123EPSS
Exploits0References1
CVE
CVE
added 2026/07/01 6:48 p.m.16 views

CVE-2026-41121

Dell Device Management Agent (DDMA) versions before 26.05 are affected by an Improper Link Resolution Before File Access (Link Following) vulnerability. A low-privilege, local attacker could potentially exploit this to achieve Elevation of Privileges. The CVSS3.1 vector is AV:L/AC:L/PR:L/UI:R/S:U...

7.8CVSS5.8AI score0.00123EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/07/01 6:48 p.m.7 views

CVE-2026-41121

Dell Device Management Agent, versions prior to DDMA 26.05, contain an Improper Link Resolution Before File Access 'Link Following’ vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...

7.3CVSS5.8AI score0.00123EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/01 12:0 a.m.15 views

PT-2026-54761

Name of the Vulnerable Software and Affected Versions Dell Device Management Agent versions prior to 26.05 Description An Improper Link Resolution Before File Access Link Following issue exists where a low privileged attacker with local access could potentially exploit the flaw to achieve Elevati...

7.8CVSS5.9AI score0.00123EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: power: supply: sbs-battery: Fixed a use-after-free in powersupplychanged. By using the devm variant to request the IRQ before using the devm variant to allocate/register the powersupply handle, it is possible that the powersupply...

7.8CVSS5.8AI score0.0016EPSS
Exploits0References2
NVD
NVD
added 2026/06/20 4:17 p.m.19 views

CVE-2026-56307

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

5.3CVSS0.00238EPSS
Exploits0References2
OSV
OSV
added 2026/06/20 3:24 p.m.3 views

CVE-2026-56307 Cap-go - Broken Cursor Pagination in /private/devices Endpoint

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

5.3CVSS6AI score0.00238EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38124

Cap-go before 12.128.12 contains a broken cursor pagination vulnerability in the /private/devices endpoint on the Cloudflare/workerd path that allows authenticated attackers to cause duplicate-page loops and make later rows unreachable. Attackers with app.readdevices access can exploit...

5.3CVSS5.9AI score0.00238EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/12 9:0 p.m.16 views

Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint

Summary A vulnerability in Fleet's Apple MDM commands listing endpoint allowed authenticated users with the lowest-privilege Observer role to extract sensitive values from joined database tables — including host enrollment secrets and Apple Push Notification Service APNS tokens — through a...

5.5AI score0.00019EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/07 12:43 a.m.14 views

CVE-2026-6241

An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitization. An attacker can inject format specifiers into ONVIF scope parameters to manipulate memory...

6.8CVSS5.5AI score0.00163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:20 p.m.13 views

CVE-2026-50209

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

9.3CVSS5.5AI score0.00098EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-49185

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec, allowing command/instruction injection...

10CVSS5.4AI score0.00387EPSS
Exploits0References1
Rows per page
Query Builder