CVE-2026-35718

A path traversal vulnerability in the /admin/downloadMedias.cgi endpoint of VIVOTEK INC FD8136-VVTK firmware 0300a allows authenticated attackers to read any file on the device via sending a crafted request...

CVE-2026-30652

A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras running firmware version FD8136-VVTK-0300a. This flaw allows an authenticated attacker to execute arbitrary code as root on the device...

CVE-2025-64390

A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J Blu-ray Disc Java sandbox can be escaped through a malformed JAR file...

CVE-2026-46271

A flaw was found in the Linux kernel's ath12k Wi-Fi driver. When a multi-link connection is active, the firmware incorrectly enables Wake-on-Wireless WoW offloads on both primary and secondary links. This misconfiguration can lead to a firmware crash on WCN7850 devices, resulting in a Denial of...

CVE-2026-46271

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it...

CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36604

Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 does not validate the HTTP Host header, enabling DNS rebinding attacks. An external attacker can rebind a domain to the router's internal IP address, extending the CORS wildcard vulnerability Access-Control-Allow-Origin: to...

CVE-2026-46271

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it...

CVE-2026-46271 wifi: ath12k: do WoW offloads only on primary link

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it...

EUVD-2026-34133

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads enabled on both primary and secondary links. Change to do it only on primary link to fix it...

CVE-2026-46271

The CVE concerns the Linux kernel wireless driver for ath12k. In multi-link setups, WoW offloads were enabled on both primary and secondary links, causing the WCN7850 firmware to crash. The issue is resolved by enabling WoW offloads only on the primary link. Affected context includes the WCN7850 ...

Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

No d...

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

CVE-2026-35075

CVE-2026-35075: An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, gaining full access to all affected devices. The Connected documents confirm the vulnerability allows extraction of the credential from firmware and implies full device compromise;...

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

EUVD-2026-34071

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

CVE-2026-35075 Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

CVE-2026-35075 Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

D-Link Routers - Local File Inclusion

D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-712 through 2.02,DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably others with the same type of firmware allows remote attackers to read arbitrary files via a /...