Lucene search
K

4349 matches found

Nuclei
Nuclei
added yesterday48 views

QNAP Music Station < 5.4.0 - Authentication Bypass

An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following version: Music Station 5.4.0 and later id:...

8.8CVSS6.1AI score0.01173EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday190 views

QNAP QTS Photo Station External Reference - Local File Inclusion

QNAP QTS Photo Station External Reference is vulnerable to local file inclusion via an externally controlled reference to a resource vulnerability. If exploited, this could allow an attacker to modify system files. The vulnerability is fixed in the following versions: QTS 5.0.1: Photo Station 6.1...

10CVSS7AI score0.87908EPSS
Exploits0
Nuclei
Nuclei
added yesterday31 views

Personal Weather Station Dashboard 12 - Directory Traversal

Personal Weather Station Dashboard 12lts allows unauthenticated remote attackers to read arbitrary files via ../ directory traversal in the test parameter to /others/test.php, as demonstrated by reading the server's private SSL key in cleartext. id: CVE-2025-47423 info: name: Personal Weather...

5.8CVSS7.2AI score0.02114EPSS
Exploits1References2
Nuclei
Nuclei
added yesterday13 views

Cloudlog - SQL Injection

Cloudlog 2.6.15 contains a SQL injection caused by unsanitized input in oqrs.php requestform, letting attackers execute arbitrary SQL commands via stationid or callsign, exploit requires sending crafted request. id: CVE-2024-48259 info: name: Cloudlog - SQL Injection author: s4e-io severity: high...

7.3CVSS6.3AI score0.0087EPSS
Exploits1References3
Zero Science Lab
Zero Science Lab
added yesterday24 views

SIP Sustainable Irrigation Platform 5.x (cli_control) Remote Code Execution

Summary SIP is a free Raspberry Pi based Python program for controlling irrigation systems sprinkler, drip, hydroponic, etc. It uses web technology to provide an intuitive user interface UI in several languages. The UI can be accessed in your favorite browser on desktop, laptop, and mobile device...

9.8CVSS6.1AI score
Exploits2
CVE
CVE
added 2 days ago7 views

CVE-2026-4765

The CVE-2026-4765 issue affects Tallos Chat (RD Station Conversas) and is triggered in the initialization step via the ‘name’ parameter, where improper sanitization allows stored XSS. The vulnerability can execute arbitrary JavaScript in the context of the application, and is amplified because it...

5.1CVSS6.3AI score0.00272EPSS
Exploits0References1
NVD
NVD
added 2 days ago4 views

CVE-2026-22093

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago28 views

CVE-2026-22099 Missing authentication for Bluetooth communication

The charging station does not require authentication for Bluetooth commands to perform actions. The functionality exposed includes sensitive information leakage, triggering reboots, or pushing a firmware update URL...

8.7CVSS0.00247EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago29 views

CVE-2026-22093 Adversary-in-the-Middle (AitM) attack vulnerability in EVbee Service app

The EVbee Service Android app uses TLS encrypted communication HTTPS, but does not validate the certificate provided by the server. This allows an attacker on the network path between the app and EVbee server to intercept and manipulate the communication between the app and server. The traffic is...

9.5CVSS0.00203EPSS
Exploits0References1
Nuclei
Nuclei
added 2 days ago24 views

QNAP Photo Station < 6.0.3 - Remote Code Execution

QNAP Photo Station versions prior to 6.0.3 contain multiple vulnerabilities that, when chained together, enable unauthenticated remote code execution RCE. id: CVE-2019-7194 info: name: QNAP Photo Station 6.0.3 - Remote Code Execution author: x-stp severity: critical description: | QNAP Photo...

9.8CVSS7.4AI score0.82966EPSS
Exploits8References1
NVD
NVD
added 3 days ago8 views

CVE-2026-10664

The nRF70 Wi-Fi driver's power-save event handler nrfwifieventprocgetpowersaveinfo in drivers/wifi/nrfwifi/src/wifimgmt.c copied TWT Target Wake Time flow entries from an nrfwifiumaceventpowersaveinfo event into the fixed-size twtflowsWIFIMAXTWTFLOWS 8-element array of a caller-supplied struct...

5CVSS0.00143EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43096

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago21 views

EUVD-2026-43094

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS6.1AI score0.00519EPSS
Exploits0References4
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-43095

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS6.1AI score0.0038EPSS
Exploits0References4
NVD
NVD
added 5 days ago7 views

CVE-2026-42952

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS0.0038EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-44383

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS0.00563EPSS
Exploits0References3
NVD
NVD
added 5 days ago7 views

CVE-2026-20744

The charging station websocket endpoint accepts connections without proper authentication, which could lead to privilege escalation...

9.8CVSS0.00519EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-44383 Hydro-Québec Le Circuit Electrique charging station backend Insufficient Session Expiration

Multiple connections to the backend using the same charging station ID are allowed, which could allow an attacker to deploy multiple instances of malicious OCPP clients to overwhelm the backend...

8.7CVSS0.00563EPSS
Exploits0References3
CVE
CVE
added 5 days ago13 views

CVE-2026-44383

CVE-2026-44383 concerns Hydro-Québec Le Circuit Electrique charging station backend with insufficient session expiration. The issue allows multiple connections using the same charging station ID, enabling attackers to deploy multiple OCPP clients to overwhelm the backend, impacting availability (...

8.7CVSS6.1AI score0.00563EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-42952 Hydro-Québec Le Circuit Electrique charging station backend Improper Restriction of Excessive Authentication Attempts

Previously, there was no throttling on repeated authentication attempts to the charging station backend, which could allow an attacker to execute a denial-of-service attack...

8.7CVSS0.0038EPSS
Exploits0References3
Rows per page
Query Builder