
21 matches found

RedhatCVE
added 2026/05/11 8:27 p.m. | 5 views

CVE-2026-45182

GrapheneOS before 2026050400 allows attackers to discover the real IP address of a VPN user as a consequence of a registerQuicConnectionClosePayload optimization, because an application can let system_server transmit UDP traffic on its behalf. This occurs when the "Block connections without VPN" a...

CVSS 2.2 | AI score 5.8 | EPSS 0.00011
Exploits: 0 | References: 1
CVE
added 2026/05/07 4:11 p.m. | 10 views

CVE-2026-7415

The CVE-2026-7415 vulnerability affects the MQTT broker embedded in Yarbo firmware v2.3.9. The broker is configured to allow anonymous connections with no topic-level read/write ACLs, enabling any host on the same network to subscribe to sensitive telemetry topics or publish control messages dire...

CVSS 9.8 | AI score 5.8 | EPSS 0.00033
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2026/04/22 2:16 p.m. | 1 view

CVE-2026-31506

In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq. We do not need to free wol_irq since it was instantiated with devm_request_irq(). So devres will free for us...

CVSS 7.8 | EPSS 0.00015
Exploits: 0 | References: 4
Cvelist
added 2026/04/21 10:22 a.m. | 25 views

CVE-2026-41038 Weak Password Policy Vulnerability in Quantum Networks Router QN-I-470

This vulnerability exists in Quantum Networks router due to lack of enforcement of strong password policies in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing password guessing or brute-force attacks against user accounts, leading...

CVSS 7.6 | EPSS 0.00025
Exploits: 0 | References: 1
ATTACKERKB
added 2026/04/21 10:04 a.m. | 3 views

CVE-2026-41037

This vulnerability exists in Quantum Networks router due to missing rate limiting and CAPTCHA protection for failed login attempts in the web-based management interface. An attacker on the same network could exploit this vulnerability by performing brute force attacks against administrative...

CVSS 8.7 | AI score 5.8 | EPSS 0.00025
Exploits: 0 | References: 2
RedhatCVE
added 2026/03/26 3:02 p.m. | 1 view

CVE-2026-32838

Edimax GS-5008PL firmware version 1.00.54 and prior use cleartext HTTP for the web management interface without implementing TLS or SSL encryption. Attackers on the same network can intercept management traffic to capture administrator credentials and sensitive configuration data...

CVSS 8.7 | AI score 5.8 | EPSS 0.00007
Exploits: 0 | References: 1
CVE
added 2026/03/10 4:44 p.m. | 7 views

CVE-2026-22627

CVE-2026-22627 affects Fortinet FortiSwitch AX Fixed 1.0.0 through 1.0.1. The vulnerability is a buffer copy without input size checking in LLDP packet handling, enabling an unauthenticated attacker on the same adjacent network to run arbitrary code or commands on the device. Impact per the entry...

CVSS 8.8 | AI score 6.1 | EPSS 0.00033
Exploits: 0 | References: 1 | Affected Software: 1
Positive Technologies
added 2026/02/05 12:00 a.m. | 4 views

PT-2026-6601

Name of the Vulnerable Software and Affected Versions: TP-Link Tapo H100 version 1; TP-Link Tapo P100 version 1. Description: An improper certificate validation issue exists in the software. An attacker on the same network segment can intercept and modify encrypted communications between the device a...

CVSS 7.5 | AI score 5.4 | EPSS 0.0001
Exploits: 0 | References: 7
CNNVD
added 2026/02/05 12:00 a.m. | 2 views

TP-LINK multiple products security vulnerability

TP-LINK Tapos are products of the TP-LINK company from China. The TP-LINK Tapo is a series of secure Wi-Fi cameras. The TP-Link Tapo H100 is also a product of the TP-LINK company. The TP-Link Tapo H100 is an intelligent IoT gateway. The TP-Link Tapo P100 is also an intelligent IoT gateway. Both t...

CVSS 8.8 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/13 10:52 p.m. | 2 views

CVE-2026-22080

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerabilit...

CVSS 8.7 | AI score 6.8 | EPSS 0.00021
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/13 10:52 p.m. | 4 views

CVE-2026-22079

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the plaintext transmission of login credentials during the initial login or post-factory reset setup through the web-based administrative interface. An attacker on the same network cou...

CVSS 8.7 | AI score 6.8 | EPSS 0.00021
Exploits: 0 | References: 1
Positive Technologies
added 2026/01/09 12:00 a.m. | 2 views

PT-2026-2147

Name of the Vulnerable Software and Affected Versions: Tenda 300Mbps Wireless Router F3; Tenda N300 Easy Setup Router. Description: The routers transmit login credentials in plaintext during the initial login or after a factory reset through the web-based administrative interface. An attacker on the...

CVSS 8.7 | AI score 6.5 | EPSS 0.00021
Exploits: 0 | References: 4
NVD
added 2025/12/08 5:16 p.m. | 2 views

CVE-2025-48588

In startAlwaysOnVpn of Vpn.java, there is a possible way to disable always-on VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8 | EPSS 0.0001
Exploits: 0 | References: 2
EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-24639

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 6.6 | EPSS 0.00134
Exploits: 0 | References: 3
Vulnrichment
added 2025/09/08 6:38 a.m. | 1 view

CVE-2025-41708 Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface

Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission...

CVSS 7.4 | AI score 6.4 | EPSS 0.00093
Exploits: 0 | References: 1
CNNVD
added 2021/11/01 12:00 a.m. | 2 views

Google Android authorization issue vulnerability

Android is a Linux-based open source operating system developed by Google and the Open Handheld Alliance (OHA for short). The vulnerability can be exploited to cause local escalation of privileges CONTROL_ALWAYS_ON_VPN...

CVSS 7.8 | AI score 5.7 | EPSS 0.0001
Exploits: 0 | References: 5
OSV
added 2021/06/21 5:15 p.m. | 3 views

CVE-2021-0505

In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android...

CVSS 7.8 | AI score 7.1 | EPSS 0.00012
Exploits: 0 | References: 1
ATTACKERKB
added 2020/08/07 10:15 p.m. | 1 view

CVE-2020-15056

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name...

CVSS 4.3 | AI score 5 | EPSS 0.00139
Exploits: 0 | References: 3
ATTACKERKB
added 2020/08/07 10:15 p.m. | 2 views

CVE-2020-15054

TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic...

CVSS 8.8 | AI score 8.2 | EPSS 0.00046
Exploits: 0 | References: 3
RedHat Linux
added 2019/05/21 7:57 p.m. | 3 views

mysql: Server: Connection Handling unspecified vulnerability (CPU Jan 2019)

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior, 5.7.24 and prior and 8.0.13 and prior. Difficult to exploit vulnerability allows low privileged attacker with access to the physical...

CVSS 6.4 | AI score 6.8 | EPSS 0.00154
Exploits: 0 | References: 5