CVE-2025-11004

The vulnerability CVE-2025-11004 is a reflected XSS in several API endpoints of the Simplicity Device Manager Tool. An attacker on the same network can exploit the issue, potentially affecting confidentiality, integrity, and availability of the system hosting the tool. The CVSS v4.0 vector indica...

PT-2026-7267

The Simplicity Device Manager Tool has a Reflected XSS Cross-site-scripting vulnerability in several API endpoints. The attacker needs to be on the same network to execute this attack. These APIs can affect confidentiality, integrity, and availability of the system that has Simplicity Device...

CVE-2026-22080 Insecure Transmission Vulnerability in Tenda Wireless Routers

This vulnerability exists in Tenda wireless routers 300Mbps Wireless Router F3 and N300 Easy Setup Router due to the transmission of credentials encoded using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network could exploit this vulnerabilit...

PT-2026-2148

Name of the Vulnerable Software and Affected Versions Tenda 300Mbps Wireless Router F3 Tenda N300 Easy Setup Router Description The routers transmit credentials using reversible Base64 encoding through the web-based administrative interface. An attacker on the same network can intercept network...

CVE-2025-63226

The Sencore SMP100 SMP Media Platform firmware versions V4.2.160, V60.1.4, V60.1.29 is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can...

CVE-2025-63226

The Sencore SMP100 SMP Media Platform firmware versions V4.2.160, V60.1.4, V60.1.29 is vulnerable to session hijacking due to improper session management on the /UserManagement.html endpoint. Attackers who are on the same network as the victim and have access to the target's logged-in session can...

PT-2025-47395

Name of the Vulnerable Software and Affected Versions Sencore SMP100 SMP Media Platform versions V4.2.160, V60.1.4, V60.1.29 Description The Sencore SMP100 SMP Media Platform is susceptible to session hijacking because of inadequate session management. An attacker on the same network as a logged-...

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

CVE-2025-10495

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code...

CVE-2025-43515

The issue was addressed by refusing external connections by default. This issue is fixed in Compressor 4.11.1. An unauthenticated user on the same network as a Compressor server may be able to execute arbitrary code...

CVE-2025-12047

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application...

CVE-2025-10495

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code...

CVE-2025-12047

Lenovo Scanner Pro is reported to have a vulnerability that, under certain conditions during an internal security assessment, could allow an attacker on the same logical network to disclose sensitive user files from the application. The available documents provide a high-level impact description ...

CVE-2025-12047

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application...

CVE-2025-12047

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to disclose sensitive user files from the application...

CVE-2025-10495

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker on the same logical network to execute arbitrary code...

PT-2025-46691

Name of the Vulnerable Software and Affected Versions Lenovo Scanner pro affected versions not specified Description An issue was identified in the Lenovo Scanner pro application that, in certain situations, could allow an attacker on the same network to access sensitive user files from the...

Lenovo Scanner Pro 安全漏洞

Lenovo Scanner Pro is a scanner application from the Chinese company Lenovo Lenovo. A security vulnerability exists in Lenovo Scanner Pro, which stems from a vulnerability that could allow an attacker on the same logical network to disclose sensitive user files in the application under certain...

Lexmark Printers Denial of Service (CVE-2019-14816)

A vulnerability was found in the Linux kernel's Marvell WiFi chip driver. The vulnerability can be exploited by an attacker on the same WiFi physical network segment to cause a system crash resulting in a denial of service or potentially execution of arbitrary code. %NASLMINLEVEL 80900 C Tenable,...

EUVD-2019-5499

Malware in sbrugna...