
52 matches found

RedhatCVE
added 2026/06/05 7:17 p.m., 7 views

CVE-2026-6411

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3 CVSS, 5.4 AI score, 0.00159 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/05/14 12:0 a.m., 10 views

Fleet security vulnerability

Fleet is an open-source device management platform developed by Fleet Device Management. It supports various operating systems and devices, and helps IT and security teams with device management, vulnerability reporting, and MDM operations. Versions of Fleet prior to 4.82.0 contained security...

8.2 CVSS, 5.8 AI score, 0.00381 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/05/14 12:0 a.m., 18 views

PT-2026-40969

Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.82.0. Description: A flaw in the Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. The software validates JWT (JSON Web Token) signatures using Microsoft's multi-tenant JWKS...

8.2 CVSS, 5.8 AI score, 0.00381 EPSS
Exploits: 0, References: 6
Vulnrichment
added 2026/05/07 10:25 p.m., 10 views

CVE-2026-6411 MAXHUB Pivot Client Application Use of a Broken or Risky Cryptographic Algorithm

This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...

7.3 CVSS, 5.8 AI score, 0.00159 EPSS
Exploits: 0, References: 3
CVE
added 2026/05/07 10:25 p.m., 20 views

CVE-2026-6411

CVE-2026-6411 affects MAXHUB Pivot client applications before v1.36.2. It stems from a hardcoded AES key, which allows encrypted tenant email addresses and related metadata to be decrypted, resulting in cleartext exposure. Additionally, an attacker could trigger a denial-of-service by enrolling ...

7.3 CVSS, 5.8 AI score, 0.00159 EPSS
Exploits: 0, References: 3
RedhatCVE
added 2026/04/27 7:22 a.m., 6 views

CVE-2026-30368

A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorization tokens, leading to unauthorized control and monitoring of student devices...

5.4 CVSS, 5.2 AI score, 0.00346 EPSS
Exploits: 1, References: 1
Vulnrichment
added 2026/01/03 11:33 p.m., 4 views

CVE-2025-3653 Petlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

7.3 CVSS, 6.4 AI score, 0.00216 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2026/01/03 12:0 a.m., 6 views

PT-2026-1181

Name of the Vulnerable Software and Affected Versions: Petlibro Smart Pet Feeder Platform versions up to 1.7.31. Description: The Petlibro Smart Pet Feeder Platform is affected by an improper access control issue. The platform allows unauthorized device manipulation by accepting arbitrary serial...

9.8 CVSS, 6.5 AI score, 0.00216 EPSS
Exploits: 0, References: 9
RedhatCVE
added 2025/12/18 12:40 p.m., 11 views

CVE-2025-14097

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through othe...

8.4 CVSS, 7.7 AI score, 0.00399 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/12/17 12:36 p.m., 2 views

CVE-2025-14097 Remote Code Execution Vulnerability in Radiometer Products

A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through othe...

7.2 CVSS, 7.4 AI score, 0.00399 EPSS
Exploits: 0, References: 1
CVE
added 2025/12/17 12:36 p.m., 20 views

CVE-2025-14097

CVE-2025-14097 affects Radiometer analyzer software across multiple products. The issue allows remote code execution and unauthorized device management when specific internal conditions are met, requiring a remote connection with additional information obtained via other means. Root cause is a we...

7.2 CVSS, 7.4 AI score, 0.00399 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/12/17 12:0 a.m., 3 views

PT-2025-51829

Name of the Vulnerable Software and Affected Versions: Radiometer products (affected versions not specified). Description: A flaw exists in the application software of multiple Radiometer products that could permit remote code execution and unauthorized device management. Recommendations: At the moment...

7.2 CVSS, 7.6 AI score, 0.00399 EPSS
Exploits: 0, References: 10
CNNVD
added 2025/10/17 12:0 a.m., 5 views

Restaurant Brands International assistant platform security vulnerability

Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in the Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a dependency on client...

5.8 CVSS, 6.8 AI score, 0.00488 EPSS
Exploits: 1, References: 6
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-23224

Malware in sbrugna...

6.5 CVSS, 6.5 AI score, 0.00971 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2021-18095

Malware in sbrugna...

7.1 CVSS, 6.7 AI score, 0.00835 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2017-5533

Malware in sbrugna...

4.8 CVSS, 5.1 AI score, 0.00364 EPSS
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2020-20147

Malware in sbrugna...

8.1 CVSS, 8 AI score, 0.00513 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-6610

Malicious code in bioql PyPI...

7.5 CVSS, 7.4 AI score, 0.0091 EPSS
Exploits: 0, References: 12
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-35593

Malicious code in bioql PyPI...

8.1 CVSS, 6.6 AI score, 0.00403 EPSS
Exploits: 0, References: 1
CNVD
added 2025/09/05 12:0 a.m., 3 views

D-Link DI-8400 yyxz.asp File Stack Buffer Overflow Vulnerability

The D-Link DI-8400 is an enterprise-class Internet behavior management router from D-Link for medium to large enterprise network environments. The D-Link DI-8400 suffers from a stack buffer overflow vulnerability that originates from a stack-based buffer overflow in the parameter ID of the functi...

9 CVSS, 7.7 AI score, 0.01395 EPSS
Exploits: 1, References: 1