Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.5 views

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/10 9:30 p.m.29 views

CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS0.0041EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/10 9:30 p.m.3 views

CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/03/10 9:30 p.m.4 views

CVE-2026-28806

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/10 9:30 p.m.7 views

CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control

Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...

9.4CVSS6AI score0.0041EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2026/03/10 12:0 a.m.7 views

PT-2026-24471

Name of the Vulnerable Software and Affected Versions nerves-hub nerves hub web versions 1.0.0 through 2.3.9 Description An improper authorization issue exists in nerves-hub nerves hub web that allows cross-organization device control through device bulk actions and the device update API. Missing...

9.4CVSS5.9AI score0.0041EPSS
Exploits0References9
Rows per page
Query Builder