Lucene search
K

311 matches found

NVD
NVD
added 2026/07/03 12:16 a.m.9 views

CVE-2026-13768

Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary...

10CVSS0.00559EPSS
Exploits2References3
CVE
CVE
added 2026/07/02 11:40 p.m.26 views

CVE-2026-13768

CVE-2026-13768 affects Gardyn Home Kit and Gardyn Studio. The root cause is exposure of a privileged iothubowner credential, which enables a malicious user to invoke IoTHub Registry Manager functions to obtain connection information for all Gardyn devices and to execute commands on a specific dev...

10CVSS6AI score0.00559EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.11 views

PT-2026-55338

Name of the Vulnerable Software and Affected Versions Gardyn Home Kit and Studio devices affected versions not specified Gardyn IoT Hub affected versions not specified Description Gardyn devices and the associated IoT Hub cloud service expose a hardcoded privileged iothubowner key. An...

10CVSS6.3AI score0.00559EPSS
Exploits2References18
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.8 views

CVE-2026-6411

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3CVSS5.4AI score0.00159EPSS
Exploits0References1
NVD
NVD
added 2026/06/02 10:16 p.m.15 views

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS0.00169EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/02 9:27 p.m.10 views

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS5.8AI score0.00169EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/02 9:27 p.m.7 views

CVE-2025-15653 Dräger Zeus IE Anesthesia Workstation USB Interface Privilege Escalation

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

7CVSS5.8AI score0.00169EPSS
Exploits0References2
CVE
CVE
added 2026/06/02 9:27 p.m.27 views

CVE-2025-15653

The affected products are Dräger Zeus Infinity Empowered (Zeus IE) and Zeus RS C500 anesthesia workstations. The vulnerability is a local privilege escalation via unprotected USB interfaces that attackers with physical access can exploit to compromise software integrity. Reported impact includes ...

7CVSS5.8AI score0.00169EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.28 views

PT-2026-45864

Name of the Vulnerable Software and Affected Versions Dräger Zeus Infinity Empowered Zeus IE affected versions not specified Dräger Zeus RS C500 affected versions not specified Description A local security issue exists in anesthesia workstations that allows unauthorized individuals with physical...

7CVSS5.4AI score0.00169EPSS
Exploits0References6
NVD
NVD
added 2026/05/07 11:16 p.m.18 views

CVE-2026-6411

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3CVSS0.00159EPSS
Exploits0References3
CVE
CVE
added 2026/05/07 10:25 p.m.26 views

CVE-2026-6411

The CVE-2026-6411 issue affects MAXHUB Pivot client applications before v1.36.2. It stems from a hardcoded AES key, allowing decrypting encrypted tenant email addresses and related metadata, resulting in cleartext exposure. Additionally, an attacker could trigger a denial-of-service by enrolling ...

7.3CVSS5.8AI score0.00159EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/07 10:25 p.m.10 views

CVE-2026-6411 MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3CVSS5.8AI score0.00159EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/05/07 10:25 p.m.32 views

CVE-2026-6411 MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3CVSS0.00159EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/07 12:0 a.m.15 views

MAXHUB Pivot client application 加密问题漏洞

The MAXHUB Pivot client application is a client component of the MAXHUB company’s device management platform. Versions of the MAXHUB Pivot client application prior to 1.36.2 contained an encryption vulnerability. This vulnerability stemmed from the hardcoded AES key within the application. It cou...

7.3CVSS5.8AI score0.00159EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2026/04/24 12:0 a.m.112 views

📄 lollms-webui Server-Side Request Forgery

lollms-webui suffers from a server-side request forgery vulnerability. ================================================================================================================================== | Title : lollms-webui SSRF for Cloud Metadata Leakage and Internal Network Pivoting | | Author...

9.1CVSS5.3AI score0.21629EPSS
Exploits3
Microsoft Secure
Microsoft Secure
added 2026/04/17 2:51 p.m.11 views

Containing a domain compromise: How predictive shielding shut down lateral movement

In this article 1. Predictive shielding overview 2. Attack chain overview 3. How predictive shielding changed the outcome 4. MITRE ATT&CK® techniques observed 5. Learn more In identity-based attack campaigns, any initial access activity can turn an already serious intrusion into a critical incide...

6AI score
Exploits0
NVD
NVD
added 2026/04/06 3:17 p.m.9 views

CVE-2026-33510

Homarr is an open-source dashboard. Prior to 1.57.0, a DOM-based Cross-Site Scripting XSS vulnerability has been discovered in Homarr's /auth/login page. The application improperly trusts a URL parameter callbackUrl, which is passed to redirect and router.push. An attacker can craft a malicious...

8.8CVSS0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.6 views

CVE-2026-25197

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

9.3CVSS5.9AI score0.00295EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/03 9:31 p.m.7 views

EUVD-2026-18831

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

9.3CVSS5.9AI score0.00295EPSS
Exploits0References4
NVD
NVD
added 2026/04/03 9:17 p.m.6 views

CVE-2026-25197

A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call...

9.3CVSS0.00295EPSS
Exploits0References3
Rows per page
Query Builder