600 matches found
Astra Linux – Vulnerability in Linux, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: amdgpu/pm: prevented array underflow in vega20odneditdpmtable In the PPODEDITVDDCCURVE case, the “inputindex” variable is capped at 2, but its negative values are not checked, resulting in an out-of-bounds read. This value comes...
VEGA VEGAPULS 6X 访问控制错误漏洞
VEGA VEGAPULS 6X is a series of radar level measurement sensors from the German company VEGA. The VEGA VEGAPULS 6X features two-wire PROFINET, Modbus TCP, and OPC UA interfaces. There are access control vulnerability issues associated with these devices; these vulnerabilities stem from insecurely...
Spring Office Hours Podcast: S5E13 - Community Potluck
Join Dan Vega and DaShaun Carter for the latest updates from the Spring Ecosystem. In this Potluck episode, Dan and DaShaun open up the floor to the community, answering your questions on Spring Boot, Spring AI, Spring Security, and whatever else is on your mind. Potluck episodes are shaped...
Cross-site Scripting (XSS)
Vega is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to the attachment of vega library and a vega.View instance to the global window, and the allowance of user-defined Vega JSON definitions, which can lead to arbitrary JavaScript code execution. An attacker can exploit this...
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26341
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26342
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26342 Tattile Smart+ / Vega / Basic <= 1.181.5 Insufficient Session Token Expiration
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior implement an authentication token X-User-Token with insufficient expiration. An attacker who obtains a valid token for example via interception, log exposure, or token reuse on a shared system can continue to...
CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...
CVE-2026-26341 Tattile Smart+ / Vega / Basic <= 1.181.5 Default Credentials
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior ship with default credentials that are not forced to be changed during installation or commissioning. An attacker who can reach the management interface can authenticate using the default credentials and gain...
CVE-2026-26341
CVE-2026-26341 affects Tattile Smart+, Vega, and Basic device families with firmware ≤ 1.181.5. The root cause is default credentials that are not forced to be changed during installation, enabling an attacker who can reach the management interface to authenticate and gain administrative access t...
CVE-2026-26340
The CVE-2026-26340 entry affects Tattile Smart+, Vega, and Basic device families on firmware versions 1.181.5 and earlier, where RTSP streams are exposed without authentication. The underlying issue is unauthenticated access to live video/audio streams, enabling unauthorized surveillance data dis...
CVE-2026-26340 Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...
CVE-2026-26340 Tattile Smart+ / Vega / Basic <= 1.181.5 Unauthenticated RTSP Stream Disclosure
Tattile Smart+, Vega, and Basic device families firmware versions 1.181.5 and prior expose RTSP streams without requiring authentication. A remote attacker can connect to the RTSP service and access live video/audio streams without valid credentials, resulting in unauthorized disclosure of...
Tattile Cameras 1.181.5 Unauthenticated RTSP Stream Disclosure
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...
PT-2026-21790
Name of the Vulnerable Software and Affected Versions Tattile Smart+, Vega, and Basic device families versions prior to 1.181.5 Description The authentication token X-User-Token in affected devices has an insufficient expiration time. An attacker obtaining a valid token through methods like...
Tattile Cameras 1.181.5 Use of Default Credentials
Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...