366564 matches found
CVE-2026-49187
CVE-2026-49187 concerns hard-coded APK resource files that never expire and a shared scepter that can lead to information leaks and potential misuse. According to the entry, exploitation is network-based with low attack complexity and no privileges required, causing high confidentiality impact (t...
CVE-2026-49186
CVE-2026-49186 : The provided documents describe a vulnerability in a local MQTT broker where topic-level ACLs are not enforced. This allows any client to subscribe with wildcards (# or +) and enumerate hidden devices, or publish rogue control commands. The issue is rooted in missing access contr...
CVE-2026-49185
The CVE-2026-49185 entry concerns FieldX MDM where the adb messaging topic passes unverified payloads directly into Runtime.exec(), enabling command/instruction injection. Affected component: adb messaging topic within FieldX MDM; root cause is unverified payloads executed via Runtime.exec(). Imp...
CVE-2026-41010
The CVE describes a shell command-injection in BOSH Director during ReleaseJob#unpack: the code constructs a shell command using a name value taken verbatim from attacker-supplied release.MF and interpolates it into tar -C … -xf …, then executes via /bin/sh -c. Although the directory is created w...
CVE-2026-41011
The CVE affects BOSH: all versions prior to v282.1.12 (inclusive). PackagePersister.validate_tgz constructs a tar command (tar -tf #{tgz}) using a name derived from release.MF without Shellwords.escape, and passes it to Bosh::Common::Exec.sh (via /bin/sh -c). The Models::Package validation runs a...
CVE-2026-10597
Affected product/vendor: OMICARD EDM — ITPison. Vulnerability: Insecure Direct Object Reference (IDOR) that allows unauthenticated remote attackers to modify a specific parameter to obtain a user’s email address. Impact (as described): Unauthorized disclosure of user email information due to IDOR...
CVE-2026-41858
The CVE fixes a weakness in Get-RandomPassword within BOSH-Ecosystem’s windows-utilities-release. The password for the Administrator account is derived from a clock-seeded PRNG, allowing a network attacker who can estimate VM boot time to reconstruct a small candidate list and recover the Adminis...
CVE-2026-8829
CVE-2026-8829 : The Perl module HTML::Entities versions before 3.84 is affected. The vulnerability arises from the XS routine backing _decode_entities caching a pointer (repl) into the entity2char hash value SV. If an input SV matches a value SV in that hash and that value itself contains its own...
CVE-2026-41859
CVE-2026-41859 describes a man-in-the-middle between nats-sync and the BOSH director that can steal director credentials (Basic auth header or UAA client secret) and tamper with the VM list written into the NATS authorization file. Stolen credentials grant administrative director access. The issu...
CVE-2026-41860
CVE-2026-41860 affects BOSH prior to v282.1.9. The root cause is CWE-326: HttpRequestHelper#create_async_endpoint and #send_http_get_request_synchronous hard-code OpenSSL::SSL::VERIFY_NONE, enabling a local attacker to perform a MITM and intercept credentials or redirect UAA token requests betwee...
CVE-2026-8653
The MasterStudy LMS Pro Plus plugin for WordPress is vulnerable to a generic SQL Injection via the 'columns' parameter in all versions up to and including 4.8.20, caused by insufficient escaping of the user-supplied value and inadequate query preparation. Authenticated attackers with instructor-l...
CVE-2026-10737
The SP Project & Document Manager plugin for WordPress is affected up to version 4.71 by an access control flaw in view_file that allows unauthenticated attackers to read file metadata and obtain download links for files stored in project folders. The authorization gate uses a negated nonce check...
CVE-2026-7764
The CVE-2026-7764 entry documents an out-of-bounds read in Morse Micro HaLowLink 2 software (versions prior to 2.11.12) affecting the morse.ko HaLow Wi‑Fi kernel driver. An unauthenticated attacker within radio range can trigger a heap out-of-bounds read (up to 9 bytes) or a Denial of Service by ...
CVE-2026-36174
CVE-2026-36174 affects GNCC GP5 v7.1.76, where sensitive wireless network information is stored in plaintext during routine serial console operations. The issue enables physically proximate attackers to retrieve credentials by monitoring the serial UART interface. The CVSS vector (AV:P/AC:L/PR:N/...
CVE-2025-67448
The vulnerability CVE-2025-67448 affects the SMS module of the Neterbit NW-431F Router (versions 20241014-IR03 and earlier). The issue is a stored XSS flaw where user input in SMS messages is not properly sanitized before storing and displaying. As a result, an attacker can send an SMS containing...
CVE-2025-67447
The CVE concerns the ping module in Neterbit NW-431F Router (versions up to 20241014-IR03) with OS command injection via unsanitized IP address input fed to the system ping. The input validation flaw allows an attacker to inject arbitrary commands, which would run with the web server’s privileges...
CVE-2026-35905
CVE-2026-35905 affects T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03. The advisory states a hardcoded root password for the superadmin account, enabling high-privilege access. CVSSv3.1 base score is 9.8 (Network attack, no user interaction, high impact to confidentia...
CVE-2026-35904
CVE-2026-35904 affects T3 Technology CPE models: T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03. The issue is incorrect access control in the device web management CGI component, allowing unauthenticated attackers to enable Telnet via a crafted request. Public exploit/poC exists (GitHub advis...
CVE-2026-38570
CVE-2026-38570 : Affected component is bacnet_stack 1.3.1. The issue is an Out-of-bounds Read in bacnet_tag_number_decode, which leads to a denial of service. Documented impact is availability loss with a CVSS v3.1 base score of 7.5 (Network, Low attack complexity, No privileges or user interacti...
CVE-2026-36182
GNCC GP5 v7.1.76 uses a weak hashing algorithm to protect the root password, which could allow an attacker to brute-force and obtain root credentials and privileges. The CVE-2026-36182 entry shows a high-severity impact (CVSS v3.1: 9.8, NETWORK attack vector, no user interaction) with total poten...
CVE-2026-36176
GNCC GP5 v7.1.76 stores pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext on the serial console. This enables physically proximate attackers to extract active tokens and perform unauthorized operations via the serial UART interface. Root cause: tokens exposed in plaintext to the con...
CVE-2026-48681
OpenStack Ironic versions before 35.0.2 are affected by a vulnerability that allows file overwrite via directory traversal during deployment when processing a crafted ISO image. The issue concerns the deployment phase’s handling of ISO content, enabling unintended filesystem writes. Public source...
CVE-2026-31324
CVE-2026-31324 affects Android and is described as a zero-interaction privilege escalation due to a framework‑level integer overflow. The PT‑Security entry indicates active in‑the‑wild exploitation and notes that Mobile EDR is not prepared for this class of bug. Immediate fleet patches are recomm...
CVE-2026-36175
Technical details enabling exploitation are not publicly available in the provided documents. The GNCC GP5 U-Boot vulnerability description is repeated across sources; monitor for updated advisories or technical specifics.
CVE-2026-387289
Technical details for CVE-2026-387289 are not publicly available in the provided documents. The connected PT Security entry mentions the CVE in passing without remediation or impact specifics. Monitor for updates.
CVE-2025-69755
CVE-2025-69755 affects the Neterbit NW-431F Router (version vNW-431F-20241014-IR03). The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface. According to the metrics, the vulnerability has a CVSS v3.1 bas...
CVE-2025-67446
CVE-2025-67446 concerns the Neterbit NW-431F Router (versions up to and including 20241014-IR03). The issue is improper authentication due to a weak/predictable authentication cookie. By modifying the cookie value (e.g., to “admin”), an attacker can bypass the router’s authentication and gain una...
CVE-2026-36499
Open vSwitch v3.6.90 contains a missing upper-bound check in udpif_set_threads(); with OVSDB write access, an attacker can request excessive handler/revalidation threads, causing DoS via resource exhaustion. Documented across NVD entries and vuln lists; exploitation status is not detailed in the ...
CVE-2025-65640
The CVE-2025-65640 issue affects Arket Globe Document Intelligence 5.0.0.559 (Task in Progress / Recent page). It is a Cross Site Scripting (XSS) vulnerability caused by improper sanitization/escaping of user input in text fields when creating a new document, allowing injected JavaScript to run i...
CVE-2026-35906
CVE-2026-35906 affects T3 Technology CPE models T625Pro v1.0.07 and T6825G v1.0.03. The vulnerability stems from an undocumented debug CGI endpoint that is accessible without authentication, allowing an attacker to supply a crafted HTTP query string to execute arbitrary commands with root privile...
CVE-2026-36178
GNCC GP5 v7.1.76 is affected: the factory reset does not clear sensitive cryptographic material in the JFFS2 configuration partition, potentially enabling recovery of sensitive user data. Available documents provide the issue and impact but do not specify a patch or mitigation.
CVE-2026-44393
Summary: OpenStack oslo.messaging (RabbitMQ driver) versions 1.0.0–17.3.0 fail TLS hostname verification when connecting to the broker. The driver validates certificate chains when ssl_ca_file is configured but does not pass the broker hostname into the TLS stack, allowing any certificate signed ...
CVE-2026-36180
CVE-2026-36180 affects GNCC GP5 v7.1.76. The issue is a lack of runtime integrity that lets physically-proximate attackers bypass read-only protections via a bind-mount attack, enabling modification of system files and binaries for the duration of a boot session. Documents consistently describe t...
CVE-2026-41283
OpenStack Mistral
CVE-2026-44917
OpenStack Ironic (prior to 35.0.2) is vulnerable to an information-disclosure issue where a malicious authenticated project admin or manager can read local files on the Ironic conductor via a pxe_template. This CVE is documented across multiple sources (OpenStack Ironic, Debian tracker, CVE lists...
CVE-2026-8722
Net::Async::Statsd::Client (Perl) is affected up to version 0.005. The issue arises from unvalidated metric names that may contain newlines, colons, or pipes, allowing metric injections. No exploitation details are provided in the documents, and no remediation version is specified here; upgrading...
CVE-2026-10783
CVE-2026-10783 – gradio-app gradio 6.14.0 : The flaw affects the Audio Cache Key Handler’s save_audio_to_cache function. Manipulation can trigger the use of a weak hash. Exploitation requires local access and is deemed high complexity; an in-the-wild exploit has been released to the public. Patch...
CVE-2026-10777
The CVE-2026-10777 entry concerns ealpha072 Student-Management-System (Administrative Backend). Affects the file admin/config.php where manipulation of the component’s functionality can lead to improper authentication. The issue is described as triggerable remotely, with a publicly available expl...
CVE-2026-10775
CVE-2026-10775 affects sgl-project SGLang Cache Handler, specifically the data_hash function. The issue allows a denial of service via manipulation of data_hash and is restricted to local execution with high attack complexity; exploitation has been publicly disclosed. Affected versions include SG...
CVE-2026-22055
The CVE concerns Active IQ OneCollect 2.7.3, where hard-coded credentials could allow an authenticated user with LOW privileges to perform unauthorized AutoSupport operations. Root cause: hard-coded credentials. Impact: unauthorized AutoSupport actions with low privileges. The provided documents ...
CVE-2026-22054
CVE-2026-22054 affects Active IQ Config Advisor 6.7.3 and involves hard-coded credentials that could enable an authenticated, low-privilege attacker to perform unauthorized AutoSupport operations. The CVSS vector indicates network access, low attack complexity, and low privileges required with im...
CVE-2026-52793
Summary: The Froxlor API authentication path does not enforce 2FA, allowing API keys to access API operations without a second factor, even when 2FA is enabled for the account. The provided PoC shows API access to 165 functions (including writes) after login through the API with only an API key/s...
CVE-2026-44182
CVE-2026-44182 is linked to the Jupyter Enterprise Gateway Kubernetes deployment issue described in the connected GHSA/osv entry. The vulnerability arises from rendering Kubernetes manifests with untrusted environment variables via Jinja2 templates, enabling YAML injection. Attackers can overwrit...
CVE-2026-44181
CVE-2026-44181 (via GHSA-F49J-V924-FX9W) concerns a server-side template injection in Jupyter Enterprise Gateway when rendering Kubernetes manifests. The issue arises from environment variables like KERNEL_POD_NAME being processed with Jinja2 templates, enabling SSTI and remote code execution (Py...
CVE-2026-44180
Summary: The CVE candidate CVE-2026-44180 is reserved; connected advisory GHSA-CHQ7-94J8-CJ28 describes a bypass in Jupyter Enterprise Gateway where KERNEL_UID/KERNEL_GID can be set to 0 (root) and may be bypassed by trailing spaces in the string. This allows kernels to run as root, creating elev...
CVE-2026-10771
CVE-2026-10771 affects crmeb_crmeb_java 1.4. The vulnerability targets the function RestTemplate.getForEntity in the file crmeb-common/src/main/java/com/zbkj/common/utils/RestTemplateUtil.java of the component base64 Qrcode Endpoint . Manipulating the argument url results in a server-side request...
CVE-2026-44023
The connected advisory documents a SSRF vulnerability in docling-core earlier than 2.74.1. Affected range: >= 1.5.0 and = 2.74.1, which adds stricter validation and filename normalization. If upgrading isn’t immediate, a workaround is to avoid passing untrusted URLs into remote fetch functiona...
CVE-2026-43980
The CVE-2026-43980 entry is elaborated by the connected advisory GHSA-CH57-39Q2-4CRM, which documents a Stored XSS flaw in the Malla dashboard caused by unsanitized node names stored in SQLite and rendered into the DOM. Affected components include templates traceroute_graph.html, map.html, packet...
CVE-2026-26898
Technical details for CVE-2026-26898 are not publicly available in the provided documents; monitor for updates.
CVE-2026-10766
The vulnerability CVE-2026-10766 affects mlrun up to 1.12.0-rc3, specifically the function mlrun.utils.helpers.calculate_dataframe_hash in DataFrame Hash Handler. The issue arises from a manipulation that leads to the use of a weak hash. Exploitation is possible only from a local environment, wit...