Lucene search
K

865 matches found

Nuclei
Nuclei
added yesterday28 views

Intelbras NPLUG 1.0.0.14 - Authentication Bypass

Intelbras NPLUG 1.0.0.14 is vulnerable to authentication bypass through cookie manipulation. An attacker can bypass authentication by simply setting a cookie named "admin:". id: CVE-2018-12455 info: name: Intelbras NPLUG 1.0.0.14 - Authentication Bypass author: ritikchaddha severity: critical...

9.3CVSS7AI score0.04999EPSS
Exploits3References2
Nuclei
Nuclei
added yesterday43 views

AVTECH DVR - Login Verification Code Bypass

AVTECH DVR products are vulnerable to verification code bypass just by entering the "login=quick" parameter to bypass verification code. id: CVE-2013-4982 info: name: AVTECH DVR - Login Verification Code Bypass author: ritikchaddha severity: low description: | AVTECH DVR products are vulnerable t...

9.8CVSS7.1AI score0.13117EPSS
Exploits6References1
CVE
CVE
added 2 days ago8 views

CVE-2026-40007

CVE-2026-40007 affects Apache IoTDB. The issue is an uncontrolled recursion in the AirGap receiver: when pipe_air_gap_receiver_enabled is true, readLength recursively processes E-language prefixes with no depth limit, allowing an unauthenticated attacker to exhaust the receiver thread’s JVM stack...

7.5CVSS6.1AI score0.00278EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-40006

CVE-2026-40006 affects Apache IoTDB: when pipe_air_gap_receiver_enabled is true, the IoTDB AirGap pipe receiver accepts raw TCP connections on port 9780 without authentication. The readLength method reads an attacker-controlled 32-bit integer from the socket and passes it to new byte[length] with...

7.5CVSS6.1AI score0.00323EPSS
Exploits0References2
CVE
CVE
added 2 days ago7 views

CVE-2026-40005

CVE-2026-40005 is a path traversal vulnerability in Apache IoTDB. The issue arises from improper limitation of a pathname to a restricted directory, allowing an attacker to write arbitrary files anywhere the IoTDB process has write permissions via an unsafe API. Affected versions are IoTDB 1.0.0 ...

9.1CVSS6.2AI score0.00349EPSS
Exploits0References2
EUVD
EUVD
added 2 days ago7 views

EUVD-2026-42832

Insufficient Session Expiration, Authentication Bypass by Capture-replay vulnerability in Apache IoTDB. REST Basic Authentication Accepts Stale Cached Credentials This issue affects Apache IoTDB: from 1.0.0 before 2.0.10. Users are recommended to upgrade to version 2.0.10, which fixes the issue...

9.8CVSS6.1AI score0.00367EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 6 days ago7 views

CVE-2026-24012

Uncontrolled Resource Consumption vulnerability in Apache IoTDB. Some interface fails to impose reasonable limits on the time span and aggregation interval of the query. An attacker can construct a request with extreme parameters e.g., a very large time range combined with a minimal interval. Thi...

7.5CVSS6AI score0.00546EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/07/03 12:16 a.m.9 views

CVE-2026-13768

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...

10CVSS0.00559EPSS
Exploits2References3
CVE
CVE
added 2026/07/02 11:52 p.m.21 views

CVE-2026-54477

CVE-2026-54477 affects the Gardyn IoT Hub admin panel, where the absence of standard security headers allows clickjacking and cross-site scripting. The available data show an impact with low confidentiality and integrity impact (CVSS scores: 5.1/4.0 base metrics, MEDIUM), but no explicit details ...

5.4CVSS5.6AI score0.00238EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2026/06/22 9:11 a.m.25 views

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence...

6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/06/14 5:38 p.m.9 views

CVE-2026-54413

driftregion iso14229 through 0.9.0 contains an integer underflow and downstream out-of-bounds read in the Handle0x27SecurityAccess function in iso14229.c that allows a remote unauthenticated attacker to crash a UDS server and potentially read memory past the receive buffer by sending a single-byt...

8.8CVSS5.6AI score0.00459EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.16 views

PT-2026-48533

🚨 CVE-2026-42542 TDengine is an open source, time-series database optimized for Internet of Things devices. In versions 3.4.0.0 through 3.4.1.5, an unauthenticated remote attacker can crash the taosd server process by sending a single crafted RPC packet. No credentials or prior session state are...

7.5CVSS5.3AI score0.00539EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.13 views

PT-2026-47797

📣 ADVISORY: Researcher Trung Nguyen from @CyStackSecurity discovered Zip Slip vulnerability in EMQX MQTT Broker CVE-2026-44725, High - enabling arbitrary file write on the system via plugin installation mechanism. Details: https://t.co/iN6SWM48ig EMQX IoT Vulnerability https://t.co/DcfVVoz0qQ...

5.6AI score0.00048EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:29 p.m.10 views

CVE-2026-20169

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

6.4CVSS5.7AI score0.0021EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/06/02 12:0 a.m.26 views

Towards Intrusion Detection Systems for RPL-Based IoT Networks Using Foundation Models

AI-based intrusion detection systems IDS have shown promise in detecting attacks on IoT systems. In this work, we explore the use of foundation models to detect and identify attacks, with a specific focus on RPL-based IoT networks. We study multiple attack types, attack variations, and network...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/29 5:11 p.m.40 views

CVE-2026-7786 Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter Use of Hard-coded Credentials

Jinan USR IOT Technology Limited PUSR USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device services...

9.8CVSS0.00415EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/05/21 12:0 a.m.11 views

BYOT-CPS: A Hybrid Cyber-Physical Systems Testbed for IoT Security Assessment and Platform Evaluation

Internet of Things IoT security research continues to face a methodological gap between scalable virtual experimentation and realistic device behaviour. While pure simulation and emulation platforms provide control, repeatability, and scale, they do not fully reproduce firmware-specific behaviour...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/15 12:0 a.m.12 views

Security Analysis of a Communication Protocol: MQTT

This paper analyzes the security of the Message Queuing Telemetry Transport MQTT protocol in the context of the Internet of Things IoT. The main objective consists of identifying vulnerabilities and proposing security improvements. Adopting a hybrid methodology, a theoretical review was combined...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/12 11:58 a.m.14 views

Webinar: What the Riskiest SOC Alerts Go Unanswered - and How Radiant Security Can Help

Why do the Riskiest SOC Alerts Go Unanswered? Security operations teams are drowning in alerts. But the real problem isn't always alert volume; it's the blind spots. The most dangerous alerts are the ones no one is investigating. A recent report from The Hacker News examined why certain high-risk...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/09 3:38 a.m.61 views

IoT_vul

...

5.8AI score
Exploits0
Rows per page
Query Builder