27 matches found
EUVD-2026-39578
OCSP CertID serial-number length-confusion in wolfSSLOCSPrespfindstatus allows a same-issuer SingleResponse whose serial is a prefix of the target serial to be reported as the revocation status of a different certificate. The lookup compared serial-number bytes without first requiring the two...
CVE-2026-49192
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...
EUVD-2026-34211
The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping...
CVE-2026-24933
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
CVE-2026-24933
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
CVE-2026-24933
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
PT-2026-5765
The API communication component fails to validate the SSL/TLS certificate when sending HTTPS requests to the server. An improper certificates validation vulnerability allows an unauthenticated remote attacker can perform a Man-in-the-Middle MitM attack to intercept the cleartext communication,...
CVE-2025-3654
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...
UBUNTU-CVE-2025-68243
In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...
CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()
In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...
CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()
In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...
PT-2025-51656
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the NFS implementation. Specifically, when the TLS security policy is set to RPC XPRTSEC TLS X509, the nfs match client function does not proper...
EUVD-2025-35083
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166...
CVE-2025-9574 Missing Authentication Vulnerability
Missing Authentication for Critical Function vulnerability in ABB ALS-mini-s4 IP, ABB ALS-mini-s8 IP.This issue affects . All firmware versions with the Serial Number from 2000 to 5166...
EUVD-2025-24270
Malicious code in bioql PyPI...
CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
CVE-2025-8452
CVE-2025-8452 leverages eSCL or SNMP to retrieve a printer’s serial number and then applies the technique described in CVE-2024-51978 to derive the default administrator password. If the password remains at its default, an attacker could gain admin access; changing the password mitigates the risk...
CVE-2025-47872 EG4 Electronics EG4 Inverters Observable Discrepancy
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...
PT-2025-6207 · Openv2G · Openv2G
Name of the Vulnerable Software and Affected Versions: OpenV2G versions prior to 0.9.6 Description: A vulnerability has been identified in the OpenV2G EXI parsing feature, which is missing a length check when parsing X509 serial numbers. This allows an attacker to introduce a buffer overflow,...
CVE-2022-35648
Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers to cause a denial of service fall by connecting the power cord to a 120V circuit which may lead to...