87 matches found
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free in PKCS7verify. An attacker supplying a PKCS7 or S/MIME signed message whose SignedData digestAlgorithms field is an empty ASN.1 SET can cause a caller-owned BIO to be freed during verification. A subsequent use of that B...
Vulnerabilities found in F5 BIG-IP and BIG-IQ products
F5 has identified several vulnerabilities in the BIG-IP and BIG-IQ products, including components such as iControl REST, iControl SOAP, TMOS Shell, Traffic Management Microkernel TMM, Configuration Utility, Advanced WAF, ASM, PEM, DNS, Access Policy Manager APM, and SSL Orchestrator. The...
CVE-2026-7414
Yarbo firmware v2.3.9 contains hardcoded administrative credentials embedded in the firmware image. These credentials are identical across all devices running this firmware and cannot be changed or removed by end users, enabling trivial unauthorized access to device management interfaces by anyon...
Yarbo 信任管理问题漏洞
Yarbo is a modular intelligent courtyard maintenance robot developed by the American company Yarbo. Version 2.3.9 of Yarbo contains a vulnerability related to trust management. This vulnerability stems from hard-coded administrator credentials, which could allow attackers who are aware of these...
SonicWALL SonicOS 访问控制错误漏洞
SonicWALL SonicOS is an operating system developed by the American company SonicWALL, specifically for use with SonicWall firewall devices. There is a security vulnerability in SonicWall SonicOS related to access control mechanisms. This vulnerability may allow certain management interfaces to be...
CVE-2026-35064
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
CVE-2026-35064
CVE-2026-35064 concerns SenseLive X3050’s management ecosystem. The vulnerability allows unauthenticated discovery of deployed units via the vendor’s management protocol, enabling an attacker on the same network segment to identify device presence, identifiers, and management interfaces because d...
CVE-2026-35064 SenseLive X3050 Missing authentication for critical function
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
PT-2026-34806
A vulnerability in SenseLive X3050’s management ecosystem allows unauthenticated discovery of deployed units through the vendor’s management protocol, enabling identification of device presence, identifiers, and management interfaces without requiring credentials. Because discovery functions are...
Cisco IOS XE Software Lobby Ambassador Privilege Escalation (cisco-sa-iosxe-lobby-privesc-KwxBqJy)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the Lobby Ambassador web-based management API of Cisco IOS XE Software could allow an authenticated, remote attacker to elevate their privileges and access management APIs that would...
BIT-APPSMITH-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
CVE-2026-34411 Appsmith < 1.98 Unauthenticated Instance Configuration Disclosure via Management APIs
Appsmith versions prior to 1.98 expose sensitive instance management API endpoints without authentication. Unauthenticated attackers can query endpoints like /api/v1/consolidated-api/view and /api/v1/tenants/current to retrieve configuration metadata, license information, and unsalted SHA-256...
CVE-2026-20105
A vulnerability in the Remote Access SSL VPN functionality of Cisco Secure Firewall Adaptive Security Appliance ASA Software and Secure Firewall Threat Defense FTD Software could allow an authenticated, remote attacker with a valid VPN connection to exhaust device memory resulting in a denial of...
CVE-2026-20082
A vulnerability in the handling of the embryonic connection limits in Cisco Secure Firewall Adaptive Security Appliance ASA Software could allow an unauthenticated, remote attacker to cause incoming TCP SYN packets to be dropped incorrectly. This vulnerability is due to improper handling of new,...
CVE-2026-20082
The CVE-2026-20082 entry describes a vulnerability in Cisco Secure Firewall ASA software related to embryonic TCP connection handling under SYN flood conditions. An unauthenticated remote attacker can send crafted traffic to the device, causing incorrect dropping of incoming TCP SYNs destined to ...
CVE-2020-37153
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...
CVE-2020-37153
CVE-2020-37153 affects ASTPP 4.0.1. The vulnerability set includes cross-site scripting and command injection in the SIP device configuration and plugin management interfaces. Attackers could inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root p...
CVE-2020-37153 ASTPP VoIP 4.0.1 - Remote Code Execution
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...
CVE-2020-37153 ASTPP VoIP 4.0.1 - Remote Code Execution
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with...
EUVD-2026-4674
Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 fail to include the X-Content-Type-Options: nosniff response header on web management interfaces. As a result, browsers that perform MIME sniffing may incorrectly interpret attacker-influenced responses as executable...