30814 matches found
Canon Devices - Authentication Bypass in Catwalk Server
Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...
VelotiSmart Wifi - Directory Traversal
VelotiSmart WiFi B-380 camera devices allow directory traversal via the uc-http service 1.0.0, as demonstrated by /../../etc/passwd on TCP port 80. id: CVE-2018-14064 info: name: VelotiSmart Wifi - Directory Traversal author: 0xAkoko severity: critical description: VelotiSmart WiFi B-380 camera...
EUVD-2026-41464
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...
CVE-2026-13768
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...
CVE-2026-13768
CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...
CVE-2026-13768 Gardyn IoT Hub Use of Hard-coded Credentials
Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...
CVE-2026-52191
Buffer Overflow vulnerability in UTT nv518G nv518GV3v3.2.7-210919-161313 allows a remote attacker to cause a denial of service via the gohead/sub444C8C component...
Google Disrupts NetNut Residential Proxy Network Spanning 2 Million Home Devices
Google has significantly degraded NetNut , one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group GTIG said this week it had reduced the network's pool of usable devices by...
USN-8498-1 linux-nvidia-tegra vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...
USN-8492-2 linux-aws-6.8, linux-gcp-6.8, linux-gke, linux-gkeop, linux-ibm-6.8, linux-nvidia-lowlatency, linux-oracle-6.8 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; -...
CVE-2026-54401
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...
CVE-2026-54401
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...
EUVD-2026-41392
A malicious actor with access to the network and low privileges could exploit a Server-Side Request Forgery SSRF to escalate privileges within such UniFi OS devices or instances...
[SECURITY] Fedora 44 Update: ipp-usb-0.9.34-2.fc44
HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...
USN-8488-1 linux, linux-aws, linux-gcp, linux-ibm, linux-oracle, linux-realtime vulnerabilities
It was discovered that some AMD processors did not properly clear data in the floating point divider unit during speculative execution. A local attacker could use this to expose sensitive information. CVE-2025-54505 Several security issues were discovered in the Linux kernel. An attacker could...
CVE-2026-2891
The following Poly Voice IP devices, CCX, Trio, and Edge E, might be inoperable if they connect to a malicious SIP server and receive malformed data. HP is releasing updates to mitigate these potential vulnerabilities...
EUVD-2026-40830
Incorrect security UI in Passwords in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40754
Use after free in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-40668
Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 150.0.7871.47 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Medium...
PT-2026-54730
Exploiting QNAP devices CVE-2026-34007, CVE-2026-34008 https://t.co/f7KKp9dVFI infosec https://t.co/1802K6qUXC...