CVE-2026-21903 Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash

A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine pfe of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service DoS. Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting...

EUVD-2025-4177

Malicious code in bioql PyPI...

CVE-2019-10960

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVE-2025-26366

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to disable front panel authentication via crafted HTTP requests...

CVE-2025-26366

Summary (CVE-2025-26366): A CWE-306 vulnerability exists in Q-Free MaxTime

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

CVE-2025-26365

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/setup/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests...

CVE-2025-26365

CVE-2025-26365 involves a CWE-306 issue in Q-Free MaxTime, specifically the file maxprofile/setup/routes.lua. The vulnerability allows an unauthenticated remote attacker to enable front panel authentication via crafted HTTP requests in MaxTime versions 2.11.0 and earlier. Exploitation details are...

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

Q-Free MAXTIME Suite 访问控制错误漏洞

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/setup/routes.lua. An...

PT-2025-7154 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function in Q-Free MaxTime, specifically in the maxprofile/setup/routes.lua file. This allows an unauthenticated remote...

CVE-2024-5559

CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists that could cause denial of service, device reboot, or an attacker gaining full control of the relay when a specially crafted reset token is entered into the front panel of the device...

Lenovo ThinkSystem 安全漏洞

Lenovo ThinkSystem is a ThinkSystem series server device from Lenovo, a Chinese company. A security vulnerability exists in Lenovo ThinkSystem. An attacker exploited the vulnerability to execute commands without sufficient privileges on SMM v1, SMM v2, and FPC using specially designed Web...

CVE-2019-10960

Zebra Industrial Printers All Versions, Zebra printers are shipped with unrestricted end-user access to front panel options. If the option to use a passcode to limit the functionality of the front panel is applied, specially crafted packets could be sent over the same network to a port on the...

CVE-2019-10960

CVE-2019-10960 affects Zebra Industrial Printers (all versions). Description: printers ship with unrestricted end-user access to front panel options; when a passcode option is enabled, specially crafted network packets can cause the printer to respond with information that includes the front-pane...