2141 matches found
CVE-2026-33105
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-32213
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-33105
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-34118
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An...
CVE-2026-4622
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4622
OS Command Injection vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to execute arbitrary OS commands via network...
CVE-2026-4309
Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network...
CVE-2026-4582
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attac...
CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
CVE-2026-26139
Server-side request forgery ssrf in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-26138
Server-side request forgery ssrf in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-4582
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attac...
PT-2026-27106
Name of the Vulnerable Software and Affected Versions Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N Description The Bluetooth Handler component in Shenzhen HCC Technology MPOS M6 PLUS version 1V.31-N contains a flaw that allows authentication bypass via capture-replay attacks originating...
PT-2026-27104
A security vulnerability has been detected in Shenzhen HCC Technology MPOS M6 PLUS 1V.31-N. Affected by this vulnerability is an unknown functionality of the component Bluetooth. Such manipulation leads to missing authentication. The attack must be carried out from within the local network. Attac...
CVE-2026-4477
A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.120171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...
EUVD-2026-13486
Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...
PT-2026-26571
A vulnerability was determined in Yi Technology YI Home Camera 2 2.1.1 20171024151200. This affects an unknown function of the component WPA/WPS. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can only be done within the local network. This attack is...
CVE-2026-26138
Server-side request forgery ssrf in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-26139
Server-side request forgery ssrf in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network...
CVE-2026-22557
CVE-2026-22557 affects UniFi Network Application. A pre-auth path traversal in the guest portal (URL pattern /guest/s/{site}/login) allows an unauthenticated attacker to cause a resource loader to read files from the underlying system (e.g., WEB-INF/web.xml) due to unvalidated input. An exploit P...