Lucene search
K

27 matches found

EUVD
EUVD
added 2026/06/26 12:32 a.m.5 views

EUVD-2026-39578

OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...

6.3CVSS5.8AI score0.00121EPSS
Exploits0References3
NVD
NVD
added 2026/06/04 7:16 a.m.12 views

CVE-2026-49192

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.4CVSS0.00138EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/04 5:43 a.m.12 views

EUVD-2026-34211

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...

5.4CVSS5.8AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/04 3:15 a.m.6 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

8.9CVSS5.5AI score0.00204EPSS
Exploits0References1
OSV
OSV
added 2026/02/03 3:15 a.m.4 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

5.9CVSS5.8AI score0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 2:22 a.m.7 views

CVE-2026-24933

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

8.9CVSS5.6AI score0.00204EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.9 views

PT-2026-5765

The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...

8.9CVSS5.6AI score0.00204EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/01/05 12:7 a.m.11 views

CVE-2025-3654

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

6.9CVSS6.2AI score0.00241EPSS
Exploits0References1
OSV
OSV
added 2025/12/16 3:15 p.m.2 views

UBUNTU-CVE-2025-68243

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...

5.7AI score0.00096EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/12/16 2:21 p.m.27 views

CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...

0.00096EPSS
Exploits0References2
OSV
OSV
added 2025/12/16 2:21 p.m.6 views

CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...

6.3AI score0.00096EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.4 views

PT-2025-51656

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the NFS implementation. Specifically, when the TLS security policy is set to RPC XPRTSEC TLS X509, the nfs match client function does not proper...

5.4AI score0.00544EPSS
Exploits4References386
EUVD
EUVD
added 2025/10/20 6:30 p.m.5 views

EUVD-2025-35083

Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166...

9.9CVSS6.4AI score0.00754EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/20 4:56 p.m.18 views

CVE-2025-9574 Missing Authentication Vulnerability

Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166...

10CVSS6.5AI score0.00754EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-24270

Malicious code in bioql PyPI...

4.3CVSS6.3AI score0.00227EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/08/12 3:23 p.m.5 views

CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.

By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...

4.3CVSS6.7AI score0.00227EPSS
Exploits0References5
CVE
CVE
added 2025/08/12 3:23 p.m.28 views

CVE-2025-8452

CVE-2025-8452 leverages eSCL or SNMP to retrieve a printer’s serial number and then applies the technique described in CVE-2024-51978 to derive the default administrator password. If the password remains at its default, an attacker could gain admin access; changing the password mitigates the risk...

4.3CVSS7.1AI score0.00227EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/08/08 4:14 p.m.3 views

CVE-2025-47872 EG4 Electronics EG4 Inverters Observable Discrepancy

The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...

6.9CVSS6.7AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/11 12:0 a.m.3 views

PT-2025-6207 · Openv2G · Openv2G

Name of the Vulnerable Software and Affected Versions: OpenV2G versions prior to 0.9.6 Description: A vulnerability has been identified in the OpenV2G EXI parsing feature, which is missing a length check when parsing X509 serial numbers. This allows an attacker to introduce a buffer overflow,...

6.9CVSS7.4AI score0.00369EPSS
Exploits0References6
OSV
OSV
added 2022/07/12 2:15 p.m.3 views

CVE-2022-35648

Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service fall by connecting the power cord to a 120V circuit which may lead to...

2.4CVSS5.8AI score0.00286EPSS
Exploits0References3
Rows per page
Query Builder