Lucene search
K

201 matches found

NVD
NVD
added 2026/06/22 10:16 a.m.16 views

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS0.00146EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:6 a.m.6 views

CVE-2023-45795

A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References2
CVE
CVE
added 2026/06/22 9:6 a.m.11 views

CVE-2023-45795

The provided CVE describes a cross-site scripting (XSS) vulnerability in the Builder Component of Pilz PASvisu before version 1.14.1. The issue allows a local unauthenticated attacker to inject malicious JavaScript and gain full control over the device. Concrete exploitation details are not provi...

7.8CVSS5.7AI score0.00146EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 6:17 p.m.13 views

CVE-2026-9151

An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...

8.5CVSS0.01069EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.14 views

PT-2026-48516

Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...

8.5CVSS5.7AI score0.01069EPSS
Exploits0References11
NVD
NVD
added 2026/06/08 6:16 p.m.13 views

CVE-2026-8913

A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...

8.5CVSS0.00907EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.11 views

CVE-2026-5777

This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge ADB service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading...

8.7CVSS5.5AI score0.00261EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:38 a.m.8 views

CVE-2026-35075

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/03 10:38 a.m.12 views

EUVD-2026-34071

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1
CVE
CVE
added 2026/06/03 10:38 a.m.20 views

CVE-2026-35075

CVE-2026-35075: An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, gaining full access to all affected devices. The Connected documents confirm the vulnerability allows extraction of the credential from firmware and implies full device compromise;...

9.8CVSS5.9AI score0.00466EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/03 10:38 a.m.48 views

CVE-2026-35075 Hardcoded default Password for Service Account

An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...

9.8CVSS0.00466EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 9:16 p.m.19 views

CVE-2025-27851

The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...

9.3CVSS0.00145EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.10 views

Garmin WDU 安全漏洞

Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic equipment. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from the ability to allow cross-source WebSocket...

9.3CVSS5.8AI score0.00145EPSS
Exploits0References2
CVE
CVE
added 2026/05/13 12:0 a.m.14 views

CVE-2026-36738

CVE-2026-36738 affects the U-SPEED AC1200 Gigabit Wi‑Fi Router (Model: T18-21K, V1.0). The UART interface is exposed with no authentication/authorization, allowing a physically present attacker to access device functionality unrestrictedly. Documents do not specify affected firmware versions, exp...

6.8CVSS5.8AI score0.00299EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/07 12:0 a.m.19 views

CVE-2026-30495

The CVE-2026-30495 entry concerns the Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0). Technical details in the connected documents show an exploitable condition where ADB is exposed over TCP port 5555 without authentication (ro.adb.secure=0) and a functional /system/xb...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/07 12:0 a.m.20 views

PT-2026-38434

Name of the Vulnerable Software and Affected Versions Optoma CinemaX P2 version TVOS-04.24.010.04.01 Description The device exposes Android Debug Bridge ADB on TCP port 5555 over the network without authentication. It is configured with the variable ro.adb.secure set to 0, which disables RSA key...

8.8CVSS5.8AI score0.00216EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/04 12:39 a.m.8 views

CVE-2026-7161

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.8AI score0.00214EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/26 11:58 p.m.5 views

CVE-2026-42363

An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...

9.3CVSS5.6AI score0.00186EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.7 views

PT-2026-35277

Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leakage of administrator credentials. When the utility sends privileged commands to devices over UDP...

9.3CVSS5.4AI score0.00186EPSS
Exploits0References14
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.9 views

SenseLive X3050 访问控制错误漏洞

The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability, which stems from the lack of authentication or authorization in the embedded management services. This...

9.8CVSS5.8AI score0.00546EPSS
Exploits0References1
Rows per page
Query Builder