Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/06/09 3:39 p.m.31 views

CVE-2026-0409 Netgear Orbi 370 Series Remote Code Execution vulnerability

A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices...

7.5CVSS0.00256EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.11 views

PT-2026-47814

Name of the Vulnerable Software and Affected Versions NETGEAR Orbi 370 series versions prior to V12.1.2.7 Description A security issue exists that allows an attacker capable of intercepting and tampering with traffic between the router and the Internet to execute commands on the device. This occu...

7.5CVSS6AI score0.00256EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31849

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...

7.2CVSS5.8AI score0.00117EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 3:31 p.m.3 views

EUVD-2026-15421

Nanoleaf Lines 12.3.2 does not authenticate firmware file uploads. A remote, unauthenticated attacker can upload firmware files on the device and consume storage resources. Fixed in 12.3.6...

6.9CVSS5.8AI score0.0034EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:21 p.m.1 views

CVE-2026-31851

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...

7.7CVSS5.8AI score0.00333EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/03/23 12:16 p.m.27 views

CVE-2026-31849 Missing CSRF Protection on Administrative Endpoints in Nexxt Nebula 300+

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...

7.2CVSS0.00117EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/23 12:7 p.m.28 views

CVE-2026-31847 Hidden Functionality Enables Remote Telnet Activation via /goform/setSysTools in Nexxt Nebula 300+

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

8.5CVSS0.00424EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.5 views

PT-2026-27116

Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing administrative endpoints. A remote attacker can induce an authenticated administrator to submit crafted requests that modify device settings, including security-relevant...

7.2CVSS5.9AI score0.00117EPSS
Exploits0References3
OSV
OSV
added 2026/02/23 5:23 p.m.6 views

CVE-2026-27511

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55multi contains a clickjacking vulnerability in the web-based administrative interface. The interface does not set the X-Frame-Options header, allowing attacker-controlled sites to embed administrative pages in an iframe and trick an...

4.3CVSS5.8AI score0.00207EPSS
Exploits1References2
CVE
CVE
added 2026/02/23 4:26 p.m.12 views

CVE-2026-27513

Shenzhen Tenda F3 Wireless Router firmware V12.01.01.55_multi is affected by a cross-site request forgery (CSRF) in the web-based administrative interface due to lack of anti-CSRF protections. An attacker can induce an authenticated administrator to submit state-changing requests, leading to unau...

5.1CVSS5.3AI score0.00102EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/10/19 1:15 a.m.4 views

CVE-2019-18202

Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to improper access control. A remote attacker can check for the existence of paths and file names via crafted HTTP requests...

5.3CVSS6.2AI score
Exploits0References1
OSV
OSV
added 2018/09/12 7:29 p.m.4 views

CVE-2018-3657

Multiple buffer overflows in Intel AMT in Intel CSME firmware versions before version 12.0.5 may allow a privileged user to potentially execute arbitrary code with Intel AMT execution privilege via local access...

6.7CVSS6.3AI score0.00582EPSS
Exploits0References6
Rows per page
Query Builder