CVE-2026-36606
Mercusys AC12G EU V1 router with firmware AC12GEUV1200909 encrypts configuration backups with a hardcoded DES key using single DES in ECB mode. An attacker who obtains a backup file can decrypt it to recover all stored credentials including admin password, WiFi PSK, and DDNS credentials...
ZTE ZXHN H298A 1.1 / H108N 2.6 Unauthenticated Credential Disclosure
ZTE ZXHN H298A 1.1 and H108N 2.6 suffer from an unauthenticated credential exposure vulnerability via the ETHCheat parameter in getpage.lua. Title: ZTE ZXHN H298A 1.1 / H108N 2.6 - Unauthenticated Credential Exposure ETHCheat Parameter Date: 2026-05-20 Author: Mina Nageh Salalma Monx Research CVE...
CVE-2026-4346
The CVE concerns TP-Link TL-WR850N v3 where credentials (administrative and Wi‑Fi) are stored in cleartext in a region of the device’s flash while the serial interface is enabled and protected by weak authentication. A physical attacker who can access the serial port can recover sensitive data, i...
CVE-2026-4346 Cleartext Storage of Administrative and Wi-Fi Credentials via Accessible Serial Interface in TP Link's TL-WR850N
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...
CVE-2026-4346
The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...
CVE-2025-61738
Under certain circumstances, an attacker can capture the network key and read or write encrypted packets on the PowerG network...
CVE-2025-61738 Johnson Controls PowerG and IQPanel cleartext transmission of sensitive information
Under certain circumstances, an attacker can capture the network key and read or write encrypted packets on the PowerG network...
EUVD-2025-204702
Under certain circumstances, an attacker can capture the network key and read or write encrypted packets on the PowerG network...
PT-2025-52641
Name of the Vulnerable Software and Affected Versions: PowerG (affected versions not specified). Description: An attacker may be able to capture the network key, and subsequently read or write encrypted packets on the PowerG network under specific circumstances. Recommendations: At the moment, there is...
CVE-2025-8414
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerabili...
EUVD-2025-34896
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerabili...
CVE-2025-8414 Zigbee Green Power Host Buffer Overflow Vulnerability
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerabili...
CVE-2025-8414
CVE-2025-8414 affects Zigbee EZSP Host Applications and is caused by improper input validation leading to a buffer overflow. This can cause stack corruption and, under certain conditions, arbitrary code execution. Exploitation requires access to a network key. The CVSS 4.0 score is CRITICAL (AV: ...
EUVD-2013-1990
Malware in sbrugna...
EUVD-2022-52270
Malicious code in bioql PyPI...
CVE-2024-5264 Network Key Transfer with AES KHT vulnerability in Luna EFT
Network Transfer with AES KHT in Thales Luna EFT 2.1 and above allows a user with administrative console access to access backups taken via offline analysis...