4 matches found
CVE-2026-50226
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links...
CVE-2026-50226
CVE-2026-50226 affects the AcerConnect OTA application. The issue arises from fixed AES-128-CBC keys inside the app, allowing attackers to forge authorization credentials for arbitrary IMEI numbers. This enables unauthorized actors to list catalog items and extract protected binaries from pre-sig...
CVE-2026-36176
GNCC GP5 v7.1.76 stores pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext on the serial console. This enables physically proximate attackers to extract active tokens and perform unauthorized operations via the serial UART interface. Root cause: tokens exposed in plaintext to the con...
Vulnerabilities fixed in Owncloud
Vulnerabilities have been fixed in Owncloud. A malicious party could exploit the vulnerabilities to cause a denial-of-service cause, or to bypass authentication and gain access to the victim's data. Owncloud has released updates to fix the vulnerabilities in Owncloud. For more information, see:...