584 matches found
bagbag (>=0.72.2 <=0.75.43), chameli (>=0.1.9 <=0.1.13) +29 more potentially affected by CVE-2026-40606 via mitmproxy (>=0.17.0 <=12.2.1)
mitmproxy PYPI version =0.17.0, =0.72.2, =0.1.9, =0.1.0, =0.0.0, =4.0.0, =0.34.0, =0.14.1, =4.0.0, =0.11.0, =3.7.6, =2.0.0b0, =1.0.0, =0.9.0, =1.1.0 and more Source cves: CVE-2026-40606 Source advisory: OSV:PYSEC-2026-92...
OPENSUSE-SU-2026:20581-1 Security update for nebula
This update for nebula fixes the following issues: Changes in nebula: - Update to version 1.10.3: Fix an issue where blocklist bypass is possible when using curve P256 Any newly issued P256 based certificates will have their signature clamped to the low-s form. Nebula will assert the low-s...
CVE-2026-4217
A security vulnerability has been detected in XREAL Nebula App up to 3.2.1 on Android. This impacts an unknown function of the file in ai/nreal/nebula/flutterPlugin/CloudStoragePlugin.java of the component ai.nreal.nebula.universal. Such manipulation of the argument...
CVE-2026-31849
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...
CVE-2026-31847
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
CVE-2026-31848
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...
CVE-2026-31851
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
EUVD-2026-14421
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout on the authentication interface...
EUVD-2026-14413
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. Once enabled, the service exposes a privileged diagnostic management interface over the network, increasing the attack surface...
EUVD-2026-14417
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing administrative endpoints. A remote attacker can induce an authenticated administrator to submit crafted requests that modify device settings, including security-relevant...
CVE-2026-31851
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
CVE-2026-31849
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an...
CVE-2026-31847
Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...
CVE-2026-31848
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecospw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid...
CVE-2026-31850
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other...
EUVD-2026-14402
An unauthenticated credential disclosure vulnerability in the /goform/ate endpoint of Nexxt Solutions Nebula 300+ firmware through Nebula300+v12.01.01.37 allows an adjacent attacker to obtain the administrator password in Base64-encoded form via a crafted HTTP request. The recovered credential ca...
CVE-2026-31851
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
CVE-2026-31851 Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...
CVE-2026-31851
CVE-2026-31851 affects Nexxt Solutions Nebula 300+ firmware up to version 12.01.01.37. The primary issue is lack of rate limiting and account lockout on authentication interfaces, allowing unlimited authentication attempts and potential brute-force attempts to obtain administrative credentials. S...
CVE-2026-31851 Lack of Rate Limiting Enables Brute-Force Attacks in Nexxt Nebula 300+
Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attack...