27 matches found
CVE-2026-24899
Fleet is open source device management software. Prior to version 4.82.0, a vulnerability in Fleet's Windows MDM enrollment flow allows authentication tokens from any Azure AD tenant to be accepted. Because Fleet validates JWT signatures using Microsoft's multi-tenant JWKS endpoint but does not...
EUVD-2026-28471
This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...
CVE-2026-6411
This vulnerability, in the MAXHUB Pivot client application versions prior to v1.36.2, may allow an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Due to the presence of a hardcoded AES key within the application, the encrypted data can be decrypted,...
PT-2026-38599
Name of the Vulnerable Software and Affected Versions MAXHUB Pivot client versions prior to 1.36.2 Description An issue in the application allows an attacker to obtain encrypted tenant email addresses and related metadata from any tenant. Because a hardcoded AES key Advanced Encryption Standard, ...
CVE-2026-34766
A flaw was found in Electron. An attacker could influence an application's handler for the select-usb-device event to select a USB device ID outside of the filtered list. This could grant access to a USB device that was not intended by the application's security filters, potentially leading to...
XikeStor SKS8310-8X 访问控制错误漏洞
The XikeStor SKS8310-8X is an Ethernet switch produced by the XikeStor company. Versions of XikeStor SKS8310-8X prior to 1.04.B07 contain a security vulnerability related to access control. This vulnerability stems from the absence of authentication at the /switchconfig.src endpoint, which may...
Fleet data falsification vulnerability
Fleet is an open-source device management platform that supports various operating systems and devices. It helps IT and security teams with device management, vulnerability reporting, MDM operations, etc. It’s free and flexible. Fleet has a data falsification vulnerability, which stems from...
EUVD-2025-202406
An unauthenticated device registration vulnerability, caused by Improperly Controlled Modification of Dynamically-Determined Object Attributes, has been identified in the MXsecurity Series. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted JSON paylo...
EUVD-2022-42300
Malicious code in bioql PyPI...
CVE-2024-24900
Dell Secure Connect Gateway SCG Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosu...
Authorization
Dell Secure Connect Gateway SCG Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosu...
CVE-2024-24900
Dell Secure Connect Gateway SCG Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosu...
Identify and De-risk Unmanaged, Unauthorized Devices With Qualys CyberSecurity Asset Management (CSAM)
69% of organizations said they experienced at least one cyberattack resulting from an exploit of an unknown or unmanaged asset such as software, cloud-based workloads user accounts, and IoT devices. Ultimately, these attacks stem from visibility gaps in the attack surface. Bringing these assets...
Closing the Visibility Gap: How Qualys Cloud Agent Passive Sensor (CAPS) Eliminates Blind Spots Without the Hassle
In modern networks, the most significant risks come from systems that fall through the cracks. Modern networks are full of unknown and unmanaged assets. Some are seemingly benign devices introduced by well-meaning employees or contractors that can turn rogue. While some of these may be genuinely...
PT-2023-20812 · Unknown · Efr32 Bluetooth Le Stack
Name of the Vulnerable Software and Affected Versions: EFR32 Bluetooth LE stack versions 5.1.0 through 5.1.1 Description: A memory leak in the EFR32 Bluetooth LE stack allows an attacker to send an invalid pairing message, causing future legitimate connection attempts to fail. The error is...
JTEKT TOYOPUC Products
1. EXECUTIVE SUMMARY CVSS v3 4.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: JTEKT Corporation Equipment: TOYOPUC products Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a remote...
Cisco Identity Services Engine Authorization Bypass (cisco-sa-ise-auth-bypass-uJWqLTZM)
An authentication bypass vulnerability exists in the web-based management component of Cisco Identity Services Engine due to insufficient validation of user-supplied URL input. An authenticated, remote attacker can exploit this, by submitting specially crafted URL to an affected host, to modify...
CVE-2020-3467
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to modify parts of the configuration on an affected device. The vulnerability is due to improper enforcement of role-based access control RBAC within the...
Authentication flaw
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...
CVE-2017-14018
An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed,...