Lucene search
K

97 matches found

NVD
NVD
added 2026/06/12 3:16 p.m.17 views

CVE-2026-7368

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS0.00259EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 2:1 p.m.39 views

CVE-2026-7368 Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:1 p.m.17 views

EUVD-2026-36433

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 2:1 p.m.22 views

CVE-2026-7368

The CVE covers Yarbo Android/iOS mobile app and Yarbo cloud infrastructure where per-device/user authorization is not enforced. The system allows any client with valid credentials to subscribe to wildcard topics for all robots and publish to any robot’s command topic using only the robot’s serial...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/12 2:1 p.m.9 views

CVE-2026-7368 Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.33 views

PT-2026-48886

Name of the Vulnerable Software and Affected Versions Yarbo cloud affected versions not specified Description The cloud service fails to enforce per-device or per-user authorization. A client with valid credentials, including shared hard-coded credentials or legitimate per-user credentials, can...

8.6CVSS5.2AI score0.00259EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.10 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS5.5AI score0.00274EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/27 12:56 p.m.14 views

EUVD-2026-32417

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

5.8AI score0.00139EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/05/27 12:56 p.m.8 views

CVE-2026-46036

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

7.8CVSS5.7AI score0.00139EPSS
Exploits0
CVE
CVE
added 2026/05/27 12:56 p.m.23 views

CVE-2026-46036

The CVE covers a race in the Linux kernel vfio/cdx driver where concurrent VFIO_DEVICE_SET_IRQS ioctls can observe inconsistent state of config_msi and cdx_irqs, leading to use-after-free of the cdx_irqs array. A per-device mutex (cdx_irqs_lock) is added to struct vfio_cdx_device and is acquired ...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/05/27 12:56 p.m.45 views

CVE-2026-46036 vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex

In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex vfiocdxsetmsitrigger reads vdev-configmsi and operates on the vdev-cdxirqs array based on its value, but provides no serialization against concurrent VFIODEVICESETIRQS...

7.8CVSS0.00139EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/05/27 12:0 a.m.13 views

CVE-2026-46036

vfio/cdx: Serialize VFIODEVICESETIRQS with a per-device mutex...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: amd/amdkfd: enhanced checking of kfd processes during switch partitions. Currently, the switch partition only checks whether kfdprocessestable is empty. An entry in kfdprocessnotifierrelease is deleted, but the kfdprocess is...

5.9AI score0.00155EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: net: devioctl: Must take ops lock in hwtstamp lower paths ndo hwtstamp callbacks are expected to run under the per-device ops lock. Make the lower get/set paths consistent with the rest of ndo invocations. Kernel log: WARNING:...

5.5CVSS5.4AI score0.00119EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/11 6:31 p.m.10 views

EUVD-2026-29102

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS5.8AI score0.00274EPSS
Exploits0References3
NVD
NVD
added 2026/05/11 5:16 p.m.14 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS0.00274EPSS
Exploits0References2
CVE
CVE
added 2026/05/11 4:2 p.m.25 views

CVE-2026-33356

CVE-2026-33356 affects Meari IoT Cloud MQTT Broker deployments using EMQX 4.x. The issue is that authenticated low-privilege users can subscribe to global wildcard topics and access telemetry from devices they don’t own, because subscribe authorization is not enforced at per-device scope, while p...

7.7CVSS5.8AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/11 4:2 p.m.35 views

CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/05/11 4:2 p.m.7 views

CVE-2026-33356 Meari MQTT broker missing per-device subscribe ACL

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

7.7CVSS5.8AI score0.00274EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/16 6:31 p.m.6 views

EUVD-2026-23272

A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstaxauth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03...

8.7CVSS5.8AI score0.00202EPSS
Exploits0References2
Rows per page
Query Builder