Lucene search
K

544 matches found

NVD
NVD
added 3 days ago6 views

CVE-2026-38059

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS0.00592EPSS
Exploits0References3
CVE
CVE
added 3 days ago9 views

CVE-2026-38059

The CVE-2026-38059 entry concerns iDirect iQ200 devices where the /api/identity and /api/ REST endpoints are exposed without authentication. An unauthenticated attacker with network access can retrieve sensitive device data including serial number, Device ID (DID), Terminal Private Key (TPK) iden...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-42908

The iDirect iQ200 exposes the /api/identity and /api/ REST API endpoints without authentication. An unauthenticated attacker with network access can retrieve sensitive device information including the serial number, Device ID DID, Terminal Private Key identifier TPK, MAC address, and exact firmwa...

8.7CVSS6.1AI score0.00592EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-10098

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be...

6.3CVSS6AI score0.00121EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 10:16 p.m.7 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS0.00121EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 9:16 p.m.26 views

CVE-2026-10098 OCSP CertID serial-number length-confusion in wolfSSL_OCSP_resp_find_status

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS0.00121EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 9:16 p.m.6 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3Affected Software1
AlpineLinux
AlpineLinux
added 2026/06/25 9:16 p.m.6 views

CVE-2026-10098

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:5 p.m.12 views

EUVD-2026-36434

The Yarbo Android and iOS applications contain hard-coded MQTT broker credentials that are identical for all users and all devices. These credentials are embedded in the application binary and are readily extractable via APK decompilation. The credentials provide access to cloud MQTT brokers...

9.8CVSS5.2AI score0.00353EPSS
Exploits0References2
CVE
CVE
added 2026/06/12 2:5 p.m.40 views

CVE-2026-10557

CVE-2026-10557 concerns the Yarbo Android/iOS mobile applications, where hard-coded MQTT broker credentials are embedded in the application binary and identical across all users/devices. These credentials are extractable via APK decompilation and provide access to cloud MQTT brokers carrying real...

9.8CVSS5.2AI score0.00353EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 2:1 p.m.39 views

CVE-2026-7368 Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS0.00259EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 2:1 p.m.17 views

EUVD-2026-36433

The Yarbo cloud does not enforce per-device or per-user authorization. Any client possessing valid credentials, whether the shared hard-coded credentials or legitimate per-user credentials, can subscribe to wildcard topics covering all robots globally, and can publish to any robot's command topic...

8.6CVSS5.3AI score0.00259EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.32 views

PT-2026-48886

Name of the Vulnerable Software and Affected Versions Yarbo cloud affected versions not specified Description The cloud service fails to enforce per-device or per-user authorization. A client with valid credentials, including shared hard-coded credentials or legitimate per-user credentials, can...

8.6CVSS5.2AI score0.00259EPSS
Exploits0References5
SUSE Linux
SUSE Linux
added 2026/06/11 4:15 p.m.10 views

Security update for hplip

This update for hplip fixes the following issues Update to HPLIP 3.26.4: Security issues: CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. CVE-2026-8631: escalation of privileges and/or arbitrary...

9.8CVSS6.3AI score0.01333EPSS
Exploits0References22
OSV
OSV
added 2026/06/03 8:7 a.m.6 views

SUSE-SU-2026:2229-1 Security update for hplip

This update for hplip fixes the following issues Security issues: - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. - CVE-2026-8631: escalation of privileges and/or arbitrary code execution via ...

9.8CVSS6.3AI score0.01333EPSS
Exploits0References11
OSV
OSV
added 2026/06/02 8:40 a.m.6 views

SUSE-SU-2026:2222-1 Security update for hplip

This update for hplip fixes the following issues Security issues: - CVE-2025-43023: weak code signing DSA key used to generate package signatures can lead to key spoofing and malicious software installation bsc1266031. - CVE-2026-8631: escalation of privileges and/or arbitrary code execution via ...

9.8CVSS6.4AI score0.01333EPSS
Exploits0References12
Vulnrichment
Vulnrichment
added 2026/05/27 7:45 a.m.9 views

CVE-2026-40812 Unauthenticated SQLi in getLiveValues function

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43552

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

8.7CVSS5.9AI score0.0032EPSS
Exploits0References2
Packet Storm
Packet Storm
added 2026/05/26 12:0 a.m.83 views

📄 ZTE ZXHN H298A / H108N Credential Disclosure

A single unauthenticated HTTP GET to /getpage.lua?pid=1000&ETHCheat=1 on ZTE H298A or H108N routers returns the live administrator password OBJUSERINFOIDPassword1, WLAN PSK WLANPSKKeyPassphrase1, and SSID in plaintext HTML. A second endpoint exposes the device serial number. -----BEGIN SECURITY...

7.5CVSS5.8AI score0.24681EPSS
Exploits3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: rxrpc: The issue of delayed ACKs was fixed, so that the reference serial number is no longer set. The construction of delayed ACKs was corrected to ensure that the reference serial number is not set, as it cannot be used as a...

5.5CVSS5.3AI score0.00241EPSS
Exploits0References1
Rows per page
Query Builder