Nortek Linear eMerge E3-Series - SQL Injection

Nortek Linear eMerge E3-Series 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e were discovered to contain a SQL injection vulnerability via the idt parameter. id: CVE-2022-38627 info: name: Nortek Linear eMerge E3-Series - SQL Injection author: daffainfo,omarhashem666...

Hitachi Energy RTU500 NULL Pointer Dereference (CVE-2026-24515)

In libexpat before 2.7.4, XMLExternalEntityParserCreate does not copy unknown encoding handler user data, causing Denial of Service impact. Product is only affected if IEC 61850 functionality is configured. This plugin only works with Tenable.ot. Please visit...

CVE-2025-66280 QTS, QuTS hero

An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the...

CVE-2026-7254

IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users...

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

CVE-2025-2514

Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One...

CVE-2026-32644

Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys...

CVE-2026-32649

A command injection vulnerability exists in the web server of specific firmware versions of Milesight cameras...

CVE-2026-27785

Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials...

CVE-2026-20766

An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras...

CVE-2026-28747

A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed...

T3 Technology CPE models 安全漏洞

T3 Technology CPE models are a series of 4G/5G customer premises equipment developed by the Thai company T3 Technology. The T3 Technology CPE models with versions v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 contain security vulnerabilities. These vulnerabilities stem from improper access control i...

CVE-2019-25723 Dräger Perseus A500 2.00-2.02 DoS via Medibus Interface

Dräger Perseus A500 software versions 2.00 through 2.02 contains an improper input handling vulnerability that allows external attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can overload the internal...

CVE-2025-64390

CVE-2025-64390 describes a privilege-escalation in PlayStation 4 firmware 13.00–13.02 where the BD-J sandbox can be escaped via a malformed JAR. Connected sources (NVD, CVE list mirrors, AttackersKB, and HackerOne report) explain the root cause: a mismatch between security policy path canonicaliz...

CVE-2026-38703

A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

CVE-2026-38702

A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target...

CVE-2026-24444

SDMC NE6037 cable modem routers running firmware 7.1.6.0.25 and 7.1.6.1.9B9 contain a hardcoded password vulnerability in the web management interface recovery endpoints mgmt.php, npcmd.php that allows unauthenticated attackers to gain root access by submitting the hardcoded credential to the...

CVE-2026-8980

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin operator and manufacturer accounts via crafted POST requests...

CVE-2026-8979 Authentication Bypass

The Mennekes Amtron series firmware versions ≤ 5.22.3 is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST request to the /operator/operator endpoint...

CVE-2026-38704

CVE-2026-38704 describes a command injection vulnerability in the WireGuard VPN feature of InHand Networks firmware. Affected devices include IR302 (V3.5.108), IR305 (V1.0.118), IR315 (V1.0.118), IR615 (V1.0.118), and earlier versions. Successful exploitation can yield ROOT privileges on remote t...