51505 matches found
WAVLINK - Access Control
Wavlink WN530HG4, WN531G3, WN533A8, and WN551K are susceptible to improper access control via /cgi-bin/ExportAllSettings.sh, where a crafted POST request returns the current configuration of the device, including the administrator password. No authentication is required. The attacker must perform...
PT-2026-55969
Name of the Vulnerable Software and Affected Versions Tenda firmware US FH1201V1.0BR V1.2.0.14408 EN TD Tenda firmware US W15EV1.0br V15.11.0.51068 1567 841 EN TDE Tenda firmware US AC10V1.0re V15.03.06.46 multi TDE01 Tenda firmware US AC5V1.0RTL V15.03.06.48 multi TDE01 Tenda firmware US...
CVE-2026-10656
The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...
CVE-2026-10656
The MAX32xxx USB device controller driver drivers/usb/udc/udcmax32.c, compatible adimax32usbhs dereferenced an endpoint buffer in its OUT and IN transfer-completion handlers without checking it for NULL. udceventxferoutdone called netbufaddbuf, eprequest-actlen immediately after buf =...
PT-2026-55828
Name of the Vulnerable Software and Affected Versions Zephyr version 4.4.0 Description The MAX32xxx USB device controller driver drivers/usb/udc/udc max32.c, compatible adi max32 usbhs contains a flaw where it dereferences an endpoint buffer in its OUT and IN transfer-completion handlers without...
TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass
TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypass login by sending a specific request through formLoginAuth.htm, thus potentially being able to obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2021-42887 info:...
Linux Distros Unpatched Vulnerability : CVE-2026-14612
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out- of-bounds memory access when processing an oversized...
CVE-2026-14612
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...
CVE-2026-14612
The CVE concerns FreeIPA’s ipa-otpd daemon, specifically the OAuth2 device authorization handler. Two off-by-one errors can trigger out-of-bounds memory access when handling an oversized response from a configured external OAuth2/OIDC Identity Provider. Exploitation requires FreeIPA to be configu...
CVE-2026-14612 Freeipa: ipa: idm: freeipa: off-by-one buffer overflows in ipa-otpd oauth2.c during oauth2 device authorization
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...
EUVD-2026-41554
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...
CVE-2026-14612
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...
CVE-2026-14612
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may b...
SUSE CVE-2026-53097
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: fix use-after-free bugs in mt7996macdumpwork When the mt7996 pci chip is detaching, the mt7996crashdata is released in mt7996coredumpunregister. However, the work item dumpwork may still be running or pending,...
EUVD-2026-41464
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...
EUVD-2026-41465
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...
CVE-2026-55726
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...
CVE-2026-55726 Gardyn IoT Hub Exposure of Sensitive System Information to an Unauthorized Control Sphere
The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container...
CVE-2026-55726
CVE-2026-55726 concerns Gardyn IoT Hub: the Azure Blob Storage container used for device logs is publicly listable without authentication, enabling access to any device log file in that container. The root cause is a misconfiguration of storage permissions, exposing logs to unauthenticated users....
CVE-2026-13768
CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...