CVE-2026-5386 KMW CCTV Security Cameras Unverified Password Change

The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings...

EUVD-2026-31698

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

CVE-2026-9466 Tiandy Easy7 Integrated Management Platform API Endpoint updateUserPassword password recovery

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

PT-2026-43080

A vulnerability was determined in Tiandy Easy7 Integrated Management Platform 7.17.0. This issue affects some unknown processing of the file /rest/user/updateUserPassword of the component API Endpoint. Executing a manipulation can lead to weak password recovery. The attack can be executed remotel...

CVE-2026-7554

CVE-2026-7554 affects D-Link M60 firmware up to 1.20B02. The issue involves an unknown functionality in /usr/bin/httpd, which enables weak password recovery. It can be exploited remotely with high attack complexity, and public disclosures indicate the exploit may be used. The CVSS indications in ...

Flowise 授权问题漏洞

Flowise is an open-source tool developed by FlowiseAI, designed for easily building LLM applications. Prior versions of Flowise, up to 3.1.0, had an authorization vulnerability. This vulnerability stemmed from the resetPassword method in the AccountService class not checking whether a password...

CVE-2026-4558

A flaw has been found in Linksys MR9600 2.0.6.206937. Affected is the function smartConnectConfigure of the file SmartConnect.lua. Executing a manipulation of the argument configApSsid/configApPassphrase/srpLogin/srpPassword can lead to os command injection. The attack may be launched remotely. T...

Philips Hue Bridge 安全漏洞

The Philips Hue Bridge is a smart lighting gateway device developed by the Japanese company Philips Hue. There is a security vulnerability in the Philips Hue Bridge, which stems from the use of static random numbers in the SRP authentication mechanism, potentially allowing authentication bypass...

CVE-2026-3559

Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific...

EUVD-2026-8688

Due to missing neutralization of special elements, OS commands can be injected via the update functionality of a TLS-SRP connection, which is normally used for configuring devices inside the mesh network. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

CVE-2026-27848

Due to missing neutralization of special elements, OS commands can be injected via the handshake of a TLS-SRP connection, which are ultimately run as the root user. This issue affects MR9600: 1.0.4.205530; MX4200: 1.0.13.210200...

PT-2026-21962

Name of the Vulnerable Software and Affected Versions MR9600 versions 1.0.4.205530 MX4200 versions 1.0.13.210200 Description The issue stems from a lack of proper handling of special characters, allowing for the injection of OS commands through the update functionality associated with a TLS-SRP...

CVE-2026-2564 Intelbras VIP 3260 Z IA OutsideCmd password recovery

A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly...

CVE-2026-24789

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

CVE-2026-24789

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

CVE-2026-24789

CVE-2026-24789 is described in the provided documents as an unprotected API endpoint that allows remote password modification without authentication. The reports (including NVD/Red Hat/CVE lists) state a critical impact (high confidentiality, integrity, and availability effects) with CVSS scores ...

CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

CVE-2026-24789

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

CVE-2026-24789 ZLAN Information Technology ZLAN5143D Missing Authentication for Critical Function

An unprotected API endpoint allows an attacker to remotely change the device password without providing authentication...

ZLAN5143D 访问控制错误漏洞

ZLAN5143D is a serial port server from the Chinese company ZLAN. ZLAN5143D has an access control vulnerability, which stems from unprotected API endpoints. This vulnerability could allow attackers to remotely change device passwords without requiring authentication...