7 matches found

NVD
added 2026/05/11 5:16 p.m. · 4 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

CVSS 7.7 · EPSS 0.00012
Exploits 0 · References 2
ATTACKERKB
added 2026/05/11 4:02 p.m. · 1 views

CVE-2026-33356

In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard topics and receive telemetry from devices the user does not own. The broker enforces publish restrictions but does not enforce equivalent subscribe authorization a...

CVSS 7.7 · AI score 5.8 · EPSS 0.00012
Exploits 0 · References 3 · Affected Software 1
CVE
added 2026/05/11 4:02 p.m. · 7 views

CVE-2026-33356

CVE-2026-33356 affects Meari IoT Cloud MQTT Broker deployments using EMQX 4.x. The issue is that authenticated low-privilege users can subscribe to global wildcard topics and access telemetry from devices they don’t own, because subscribe authorization is not enforced at per-device scope, while p...

CVSS 7.7 · AI score 5.8 · EPSS 0.00012
Exploits 0 · References 2
RedhatCVE
added 2025/09/26 2:48 p.m. · 2 views

CVE-2025-10542

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...

CVSS 9.8 · AI score 7.2 · EPSS 0.00196
Exploits 0 · References 1
Vulnrichment
added 2025/09/25 2:35 p.m. · 1 views

CVE-2025-10542 Insecure Default Admin Credentials Enable Full Administrative Access in iMonitor EAM

iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client’s connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and dat...

AI score 6.8 · EPSS 0.00196
Exploits 0 · References 1
Cvelist
added 2025/03/06 6:46 p.m. · 8 views

CVE-2025-25294 Envoy Gateway Log Injection Vulnerability

Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. In all Envoy Gateway versions prior to 1.2.7 and 1.3.1 a default Envoy Proxy access log configuration is used. This format is vulnerable to log injection attacks. If the...

CVSS 5.3 · EPSS 0.00358
Exploits 0 · References 2
Positive Technologies
added 2023/04/25 12:00 a.m. · 2 views

PT-2023-19659 · Arista · Arista Eos

Name of the Vulnerable Software and Affected Versions: Arista EOS affected versions not specified
Description: An authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the...

CVSS 8.8 · AI score 6.3 · EPSS 0.00224
Exploits 1 · References 4