201 matches found
CVE-2023-45795
A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...
CVE-2023-45795
A cross-site scripting vulnerability in the Builder Component of Pilz PASvisu before 1.14.1 allows a local unauthenticated attacker to inject malicious javascript and gain full control over the device...
CVE-2023-45795
The provided CVE describes a cross-site scripting (XSS) vulnerability in the Builder Component of Pilz PASvisu before version 1.14.1. The issue allows a local unauthenticated attacker to inject malicious JavaScript and gain full control over the device. Concrete exploitation details are not provi...
CVE-2026-9151
An OS command injection vulnerability exists in the VPN module of TP-Link Archer AX12 v1, AX17 v1. AX18 v1, and AX1300 v1.6 routers. This vulnerability allows an adjacent, authenticated attacker to execute arbitrary commands on the device by importing a specially crafted VPN client configuration...
PT-2026-48516
Name of the Vulnerable Software and Affected Versions TP-Link Archer AX12 v1 TP-Link Archer AX17 v1 TP-Link Archer AX18 v1 TP-Link Archer AX1300 v1.6 Description An OS command injection issue exists in the VPN module. This occurs due to improper filtering of special characters, allowing an...
CVE-2026-8913
A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when...
CVE-2026-5777
This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge ADB service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading...
CVE-2026-35075
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...
EUVD-2026-34071
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...
CVE-2026-35075
CVE-2026-35075: An unauthenticated remote attacker can recover a default, hard-coded password from a firmware image, gaining full access to all affected devices. The Connected documents confirm the vulnerability allows extraction of the credential from firmware and implies full device compromise;...
CVE-2026-35075 Hardcoded default Password for Service Account
An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices...
CVE-2025-27851
The locally served web site on the Garmin WDU v1 1.4.6 and v2 5.0 allows a cross-site origin WebSocket hijacking attack. Among other uses, the WDU utilizes WebSockets to control settings, including administrative settings. This allows a network attacker to take full control of a WDU. To initiate ...
Garmin WDU 安全漏洞
Garmin WDU is a wireless data unit developed by Garmin Corporation, designed for data updates and maintenance of aviation electronic equipment. Versions 1.1.6 and 2.5.0 of Garmin WDU contain security vulnerabilities. These vulnerabilities stem from the ability to allow cross-source WebSocket...
CVE-2026-36738
CVE-2026-36738 affects the U-SPEED AC1200 Gigabit Wi‑Fi Router (Model: T18-21K, V1.0). The UART interface is exposed with no authentication/authorization, allowing a physically present attacker to access device functionality unrestrictedly. Documents do not specify affected firmware versions, exp...
CVE-2026-30495
The CVE-2026-30495 entry concerns the Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0). Technical details in the connected documents show an exploitable condition where ADB is exposed over TCP port 5555 without authentication (ro.adb.secure=0) and a functional /system/xb...
PT-2026-38434
Name of the Vulnerable Software and Affected Versions Optoma CinemaX P2 version TVOS-04.24.010.04.01 Description The device exposes Android Debug Bridge ADB on TCP port 5555 over the network without authentication. It is configured with the variable ro.adb.secure set to 0, which disables RSA key...
CVE-2026-7161
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...
CVE-2026-42363
An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5. Listening to broadcast packets can lead to credentials leak. An attacker can listen to broadcast messages to trigger this vulnerability. When interacting with variou...
PT-2026-35277
Name of the Vulnerable Software and Affected Versions GeoVision GV-IP Device Utility version 9.0.5 Description Insufficient encryption in the Device Authentication functionality allows for the leakage of administrator credentials. When the utility sends privileged commands to devices over UDP...
SenseLive X3050 访问控制错误漏洞
The SenseLive X3050 is a data collection and environmental monitoring device designed for IoT scenarios by SenseLive Corporation. The SenseLive X3050 has a access control vulnerability, which stems from the lack of authentication or authorization in the embedded management services. This...