CVE-2026-5386

CVE-2026-5386 concerns KMW CCTV Security Cameras with a critical unauthenticated password reset that lets an attacker remotely reset the administrator password to a known value, granting full access to feeds and settings. The CVSS v3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N) yields a base sc...

Netty epoll transport denial of service via RST on half-closed TCP connection

Summary Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100% CPU busy-loop in the event loop thread. Affected versions All versions of 4.2.x...

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

EPSON WF-2861 Missing Authentication for Critical Function (CVE-2018-19248)

The web service on Epson WorkForce WF-2861 10.48 LQ22I3Recovery- mode, WF-2861 10.51.LQ20I6, and WF-2861 10.52.LQ17IA devices allows remote attackers to upload a firmware file and reset the printer without authentication by making a request to the /DOWN/FIRMWAREUPDATE/ROM1 URI and a POST request ...

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

CVE-2026-1632 RISS SRL MOMA Seismic Station Missing Authentication for Critical Function

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

PT-2026-6050

Name of the Vulnerable Software and Affected Versions MOMA Seismic Station versions v2.4.2520 and prior Description The MOMA Seismic Station web management interface does not require authentication. This allows an unauthenticated attacker to modify configuration settings, obtain device data, or...

RISS SRL MOMA Seismic Station 访问控制错误漏洞

RISS SRL MOMA Seismic Station is a specialized industrial control device for earthquake monitoring developed by the Italian company RISS SRL. Versions of RISS SRL MOMA Seismic Station prior to v2.4.2520 contained an access control vulnerability. This vulnerability stemmed from the lack of...

CVE-2026-0834

CVE-2026-0834 affects TP-Link Archer C20 v6.0 (firmware before V6_251031) and Archer AX53 v1.0 (firmware before V1_251215) via the TDDP module. A logic vulnerability allows unauthenticated adjacent attackers to remotely execute administrative commands, including factory reset and device reboot, w...

CVE-2025-58083

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device...

CVE-2025-58083

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device...

EUVD-2025-197669

General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device...

VulnCheck KEV: CVE-2017-8295

WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to...

Buffer overflow vulnerability in multiple Huawei products (CNVD-2020-52407)

Huawei IPS Module and others are products of Huawei, China.Huawei IPS Module is an Intrusion Prevention System IPS module.NGFW Module is a Next-Generation Firewall NGFW module.Secospace USG6600 is a Next-Generation Firewall product. A buffer overflow vulnerability exists in multiple Huawei...

CVE-2019-7389

An issue was discovered in /bin/goahead on D-Link DIR-823G devices with the firmware 1.02B03. There is incorrect access control allowing remote attackers to reset the router without authentication via the SetFactoryDefault HNAP API. Consequently, an attacker can achieve a denial-of-service attack...

CVE-2018-14078

Wi2be SMART HP WMT R1.2.20201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL Attackers can login using the "admin" username with password "admin" after a successful attack...

Integer overflow vulnerability in multiple Huawei products (CNVD-2018-05082)

Huawei DP300 and others are products of Huawei, China.DP300 is a video conferencing terminal.RP200 is an all-in-one video conferencing device. An integer overflow vulnerability exists in multiple Huawei products, where the vulnerability stems from a program failing to adequately perform input...

CVE-2017-3184

ACTi cameras including the D, B, I, and E series using firmware version A1D-500-V6.11.31-AC fail to properly restrict access to the factory reset page. An unauthenticated, remote attacker can exploit this vulnerability by directly accessing the...

Sichuan Telecom's Skywing Broadband Home Gateway TEWA-500E suffers from information leakage vulnerability

Sichuan Telecom Skywing Broadband Home Gateway TEWA-500E is a home version of the router. The Sichuan Telecom Tianyi Broadband Home Gateway TEWA-500E suffers from an information disclosure vulnerability, which can be exploited by an attacker to remotely restore the factory configuration and then...