EUVD-2026-23954

A local attacker who can execute privileged CSR operations or can induce firmware to do so performs carefully crafted reads/writes to menvcfg e.g., csrrs in M-mode. On affected XiangShan versions commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19, these menvcfg accesses can unexpectedly...

PT-2026-33478

Name of the Vulnerable Software and Affected Versions OpenViking versions prior to commit c7bb167 Description An authentication bypass exists in the VikingBot OpenAPI HTTP route surface. The issue occurs when the api key configuration value is unset or empty, causing the authentication check to...

PT-2025-15711 · Ооо 'Новые Технологии Безопасности' · Safeinspect

Уязвимость системы контроля привилегированных пользователей SafeInspect связана с непринятием мер по защите структуры веб-страницы. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный HTML-код...

NuCom NC-WR644GACV Unauthenticated Configuration File Download Vulnerability

NuCom NC-WR644GACV with software versions STA 005 and below suffer from a configuration file download vulnerability that allows for extraction of the administrative credentials. Overview ======== Researchers of NVEL4 Cybersecurity company have discovered that it is possible to access to the confi...

Enterasys Vertical Horizon switches backdoor accounts

There is undocumented backdoor account tiger/tiger123, in addition some privileged control character combination are available to unprivileged user from console or telnet session...