6 matches found
CVE-2026-28806
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
CVE-2026-28806
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
CVE-2026-28806 Improper authorization in device bulk actions and device update API allows cross-organization device control
Improper Authorization vulnerability in nerves-hub nerveshubweb allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target devices belonging to...
PT-2026-24471
Name of the Vulnerable Software and Affected Versions nerves-hub nerves hub web versions 1.0.0 through 2.3.9 Description An improper authorization issue exists in nerves-hub nerves hub web that allows cross-organization device control through device bulk actions and the device update API. Missing...