Export limit exceeded: 84326 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84326 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-69755 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 8.2 High |
| An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface | ||||
| CVE-2026-36176 | 1 Gncc | 1 Gp5 | 2026-06-05 | 7.1 High |
| GNCC GP5 v7.1.76 was discovered to store pre-signed Backblaze B2 upload URLs (PUT requests) in plaintext to the serial console. This allows physically-proximate attackers to extract these active tokens to perform unauthorized operations via monitoring the serial UART interface. | ||||
| CVE-2026-49187 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse. | ||||
| CVE-2026-49189 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.8 High |
| Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations. | ||||
| CVE-2026-49190 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.8 High |
| The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions. | ||||
| CVE-2026-49193 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet. | ||||
| CVE-2026-49194 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.8 High |
| The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface. | ||||
| CVE-2026-49203 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.3 High |
| Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted. | ||||
| CVE-2026-49202 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.6 High |
| Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft. | ||||
| CVE-2026-50205 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 8.2 High |
| System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data. | ||||
| CVE-2026-50207 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.8 High |
| The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. | ||||
| CVE-2026-50209 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.8 High |
| Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. | ||||
| CVE-2026-50210 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption. | ||||
| CVE-2026-50213 | 1 Acer | 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router | 2026-06-05 | 7.5 High |
| The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings. | ||||
| CVE-2026-3820 | 1 Smci | 1 As-2115hs-tnr | 2026-06-05 | 7.2 High |
| There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process invocation. Potential impact includes denial-of-service attacks, arbitrary code execution, or permanent compromise of the controller. | ||||
| CVE-2025-59874 | 1 Hcltech | 1 Hive | 2026-06-05 | 8.1 High |
| HCL Hive Telco Observability is affected by a Required directives missing from the CSP issue is detected in keycloak component of the web application. Missing essential directives can leave a site vulnerable. | ||||
| CVE-2019-25726 | 1 Nicheoffice | 1 All In One Video Downloader | 2026-06-05 | 8.2 High |
| All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id parameter to extract sensitive database information including usernames, databases, and version details. | ||||
| CVE-2019-25730 | 1 Themerig | 1 Listing Hub Cms | 2026-06-05 | 8.2 High |
| Listing Hub CMS 1.0 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to pages.php with crafted id values using error-based SQL injection techniques to extract database credentials, usernames, and version information. | ||||
| CVE-2019-25732 | 1 Eitube | 1 Ei-tube | 2026-06-05 | 8.2 High |
| PHP EI-Tube Script 3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can send GET requests to the search endpoint with crafted SQL payloads in the query parameter to extract sensitive database information including usernames, passwords, and version details. | ||||
| CVE-2026-5228 | 1 Kurt Software Studio | 1 Writeup Mobile App | 2026-06-05 | 8.8 High |
| Improper Access Control, Missing Authorization vulnerability in Kurt Software Studio WriteUp Mobile App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WriteUp Mobile App: from 1.3.0 through 04062026. | ||||