59 matches found
CVE-2026-33357
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1, linux
In the Linux kernel, the following vulnerability has been resolved: virtiopmem: Check the device status before requesting flushing. If a PMEM device is in an invalid state, the driver could wait indefinitely for the host acknowledgment in virtiopmemflush, causing the system to hang. Therefore, a...
EUVD-2026-29103
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
CVE-2026-33357 Meari OpenAPI device status IDOR
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
CVE-2026-33357
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
CVE-2026-33357 Meari OpenAPI device status IDOR
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
CVE-2026-33357
CVE-2026-33357 affects Meari client applications that embed com.meari.sdk, including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label
PT-2026-39641
In Meari client applications embedding "com.meari.sdk" including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label = 1.8.x, the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root cause is a server-side...
Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)
Exploit Title: Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking CSWSH Date: 2026-02-26 Exploit Author: Hazar Taspinar Vendor Homepage: https://www.traccar.org/ Software Link: https://github.com/traccar/traccar Version: = 6.11.1 Tested on: Windows 11 / Linux CVE: CVE-2025-68930...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fixed a double-free in the error path. If the uvcstatusinit function fails to allocate the inturb variable, it will free the dev-status pointer without resetting it to NULL. This causes the kfree call in...
ALSA: fireworks: bound device-supplied status before string array lookup
...
CVE-2026-31619
In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efrstatusnames has 17 entries so a status value outside that range go...
CVE-2026-31619
The CVE-2026-31619 vulnerability affects the Linux kernel ALSA fireworks driver where a 32-bit status value from a FireWire device could be looked up in a 17-entry efr_status_names[] array, potentially indexing outside the array and causing incorrect string formatting. The issue could interpret E...
CVE-2026-31619
In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value supplied by the firewire device. efrstatusnames has 17 entries so a status value outside that range go...
Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.10-2026-113 (ALASKERNEL-5.10-2026-113)
The version of kernel installed on the remote host is prior to 5.10.248-247.988. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.10-2026-113 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: core: ufs: Fix a hang in the...
CVE-2026-0853
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...
CVE-2026-0853
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...
CVE-2026-0853 A-Plus Video Technologies|NVR - Sensitive Data Exposure
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...
CVE-2026-0853
CVE-2026-0853 affects certain NVR models from A-Plus Video Technologies. The underlying issue is a Sensitive Data Exposure that can be exploited by unauthenticated remote attackers to access the device’s debug page and retrieve device status information. Impact is described as exposure of status ...
EUVD-2026-1953
Certain NVR models developed by A-Plus Video Technologies has a Sensitive Data Exposure vulnerability, allowing unauthenticated remote attackers to access the debug page and obtain device status information...