Vendor CVEs
Cisagov
All CVEs
38 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-58083 | Cri | 0.65 | 10.0 | 0.01 | Nov 15, 2025 | General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device. | ||
| CVE-2026-28742 | Cri | 0.64 | 9.8 | 0.00 | Jun 12, 2026 | Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence… | ||
| CVE-2026-7786 | Cri | 0.64 | 9.8 | 0.00 | May 29, 2026 | Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device… | ||
| CVE-2026-7251 | Cri | 0.64 | 9.8 | 0.01 | May 26, 2026 | Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the… | ||
| CVE-2026-25775 | Cri | 0.64 | 9.8 | 0.00 | Apr 24, 2026 | A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges,… | ||
| CVE-2025-64130 | Cri | 0.64 | 9.8 | 0.01 | Nov 26, 2025 | Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser. | ||
| CVE-2025-54807 | Cri | 0.64 | 9.8 | 0.01 | Sep 18, 2025 | The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system. | ||
| CVE-2026-5386 | Cri | 0.59 | 9.1 | 0.01 | May 29, 2026 | The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings. | ||
| CVE-2026-8598 | Cri | 0.59 | 9.1 | 0.01 | May 20, 2026 | An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials. | ||
| CVE-2026-42947 | Hig | 0.57 | 8.8 | 0.00 | Jun 12, 2026 | A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker… | ||
| CVE-2026-5768 | Hig | 0.57 | 8.8 | 0.00 | May 29, 2026 | The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping… | ||
| CVE-2026-6824 | Hig | 0.55 | 8.4 | 0.00 | May 29, 2026 | A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend.… | ||
| CVE-2026-42941 | Hig | 0.54 | 8.3 | 0.00 | May 29, 2026 | The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change. | ||
| CVE-2026-42929 | Hig | 0.54 | 8.3 | 0.00 | May 29, 2026 | Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials. | ||
| CVE-2026-50101 | Hig | 0.53 | 8.1 | 0.00 | Jun 12, 2026 | Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any… | ||
| CVE-2025-12659 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process. | ||
| CVE-2025-49848 | Hig | 0.51 | 7.8 | 0.00 | Jun 17, 2025 | An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of… | ||
| CVE-2026-50245 | Hig | 0.50 | 7.7 | 0.00 | Jun 11, 2026 | Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed. | ||
| CVE-2026-50005 | Hig | 0.50 | 7.7 | 0.00 | Jun 11, 2026 | Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds. | ||
| CVE-2026-50108 | Hig | 0.49 | 7.5 | 0.00 | Jun 12, 2026 | The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary… | ||
| CVE-2019-10953 | Hig | 0.49 | 7.5 | 0.04 | Apr 17, 2019 | ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets. | ||
| CVE-2026-43510 | Hig | 0.42 | 7.6 | 0.00 | May 7, 2026 | manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30. | ||
| CVE-2026-21404 | Med | 0.41 | 6.3 | 0.00 | Jun 4, 2026 | NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful… | ||
| CVE-2026-40425 | Med | 0.37 | 5.7 | 0.00 | May 29, 2026 | The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password. | ||
| CVE-2026-44611 | Med | 0.35 | 5.4 | 0.00 | May 29, 2026 | Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks. | ||
| CVE-2026-42951 | Med | 0.35 | 5.4 | 0.00 | May 29, 2026 | An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes. | ||
| CVE-2026-42932 | Med | 0.34 | 5.3 | 0.00 | Jun 12, 2026 | Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can… | ||
| CVE-2026-4293 | Med | 0.34 | 5.3 | 0.00 | May 20, 2026 | The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser. | ||
| CVE-2025-53471 | Med | 0.33 | 5.1 | 0.00 | Jul 11, 2025 | Emerson ValveLink products receive input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | ||
| CVE-2026-50099 | Med | 0.30 | 4.6 | 0.00 | Jun 12, 2026 | During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell… | ||
| CVE-2025-67634 | 0.00 | — | 0.00 | Dec 12, 2025 | The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The… | |||
| CVE-2025-35436 | 0.00 | — | 0.01 | Sep 17, 2025 | CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27. | |||
| CVE-2025-35435 | 0.00 | — | 0.00 | Sep 17, 2025 | CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6. | |||
| CVE-2025-35434 | 0.00 | — | 0.00 | Sep 17, 2025 | CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2. | |||
| CVE-2025-35433 | 0.00 | — | 0.00 | Sep 17, 2025 | CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1. | |||
| CVE-2025-35432 | 0.00 | — | 0.01 | Sep 17, 2025 | CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes. | |||
| CVE-2025-35431 | 0.00 | — | 0.00 | Sep 17, 2025 | CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1. | |||
| CVE-2025-35430 | 0.00 | — | 0.00 | Sep 17, 2025 | CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2. |
- risk 0.65cvss 10.0epss 0.01
General Industrial Controls Lynx+ Gateway is missing critical authentication in the embedded web server which could allow an attacker to remotely reset the device.
- risk 0.64cvss 9.8epss 0.00
Naxclow devices use a uniform request-signing scheme based on a hard-coded, platform-wide salt embedded in every firmware image. Once this salt is recovered from any device, an attacker can generate valid signatures for arbitrary device or account operations due to the absence…
- risk 0.64cvss 9.8epss 0.00
Jinan USR IOT Technology Limited (PUSR) USR-W610 RS232/485 to Wi-Fi/Ethernet Converter device firmware contains plaintext administrative credentials embedded in the firmware image. These credentials can be extracted through firmware analysis and used to authenticate to device…
- risk 0.64cvss 9.8epss 0.01
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the…
- risk 0.64cvss 9.8epss 0.00
A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges,…
- risk 0.64cvss 9.8epss 0.01
Zenitel TCIV-3+ is vulnerable to a reflected cross-site scripting vulnerability, which could allow a remote attacker to execute arbitrary JavaScript on the victim's browser.
- risk 0.64cvss 9.8epss 0.01
The secret used for validating authentication tokens is hardcoded in device firmware for affected versions. An attacker who obtains the signing key can bypass authentication, gaining complete access to the system.
- risk 0.59cvss 9.1epss 0.01
The affected KMW CCTV Security Cameras are vulnerable to a critical unauthenticated password reset. This flaw allows an attacker to remotely reset the administrator password to a known value without authentication, granting full access to the camera feeds and settings.
- risk 0.59cvss 9.1epss 0.01
An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication and exposes critical information about the camera such as open services and camera account credentials.
- risk 0.57cvss 8.8epss 0.00
A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker…
- risk 0.57cvss 8.8epss 0.00
The Frontier X2 device allows unauthenticated BLE read/write access to critical GATT characteristics without enforcing pairing authentication or authorization. This allows attackers within BLE range to perform unauthorized control of device functions, including starting/stopping…
- risk 0.55cvss 8.4epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend.…
- risk 0.54cvss 8.3epss 0.00
The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change.
- risk 0.54cvss 8.3epss 0.00
Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials.
- risk 0.53cvss 8.1epss 0.00
Naxclow devices use a server-side, per-device relay credential that never rotates and is re-issued to the device on each boot. Because this credential remains valid indefinitely and cannot be reset or revoked by the legitimate owner, any party that obtains it through any…
- risk 0.51cvss 7.8epss 0.00
Siemens Simcenter Femap contains a memory corruption vulnerability while parsing specially crafted IPT files. This could allow an attacker to execute code in the context of the current process.
- risk 0.51cvss 7.8epss 0.00
An out-of-bounds write vulnerability exists within the parsing of PRJ files. The issues result from the lack of proper validation of user-supplied data, which can result in different memory corruption issues within the application, such as reading and writing past the end of…
- risk 0.50cvss 7.7epss 0.00
Brickcom cameras allow unauthenticated access to live snapshot images via the /ONVIF endpoint and no authentication is required to retrieve still images from the camera feed.
- risk 0.50cvss 7.7epss 0.00
Brickcom cameras ship with default credentials that allows any unauthenticated remote attacker to silently access camera feeds.
- risk 0.49cvss 7.5epss 0.00
The Naxclow platform API that returns device relay registration details exposes a persistent credential without verifying that the requester is the legitimate device or owner. An actor able to present a platform-valid request signature can retrieve credentials for arbitrary…
- risk 0.49cvss 7.5epss 0.04
ABB, Phoenix Contact, Schneider Electric, Siemens, WAGO - Programmable Logic Controllers, multiple versions. Researchers have found some controllers are susceptible to a denial-of-service attack due to a flood of network packets.
- risk 0.42cvss 7.6epss 0.00
manage.get.gov is the .gov TLD registrar maintained by CISA. manage.get.gov allows an organization administrator to assign domain manager privileges for domains not already in another organization. Fixed in 1.176.0 on or around 2026-04-30.
- risk 0.41cvss 6.3epss 0.00
NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful…
- risk 0.37cvss 5.7epss 0.00
The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password.
- risk 0.35cvss 5.4epss 0.00
Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute force attacks.
- risk 0.35cvss 5.4epss 0.00
An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes.
- risk 0.34cvss 5.3epss 0.00
Naxclow device identifiers use fixed manufacturing prefixes combined with sequential counters, producing a fully predictable and enumerable identifier space. Because the platform also exposes an endpoint that reveals the current identifier high-water mark, the active fleet can…
- risk 0.34cvss 5.3epss 0.00
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser.
- risk 0.33cvss 5.1epss 0.00
Emerson ValveLink products receive input or data, but does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- risk 0.30cvss 4.6epss 0.00
During WiFi association, Naxclow device firmware prints the host network’s SSID, PSK, and negotiated WPA keys in cleartext to an exposed UART console on production hardware. The UART pads are labeled, run with default serial settings, and drop to an interactive RT-Thread shell…
- CVE-2025-67634Dec 12, 2025risk 0.00cvss —epss 0.00
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The…
- CVE-2025-35436Sep 17, 2025risk 0.00cvss —epss 0.01
CISA Thorium uses '.unwrap()' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27.
- CVE-2025-35435Sep 17, 2025risk 0.00cvss —epss 0.00
CISA Thorium accepts a stream split size of zero then divides by this value. A remote, authenticated attacker could cause the service to crash. Fixed in commit 89101a6.
- CVE-2025-35434Sep 17, 2025risk 0.00cvss —epss 0.00
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.
- CVE-2025-35433Sep 17, 2025risk 0.00cvss —epss 0.00
CISA Thorium does not properly invalidate previously used tokens when resetting passwords. An attacker that possesses a previously used token could still log in after a password reset. Fixed in 1.1.1.
- CVE-2025-35432Sep 17, 2025risk 0.00cvss —epss 0.01
CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes.
- CVE-2025-35431Sep 17, 2025risk 0.00cvss —epss 0.00
CISA Thorium does not escape user controlled strings used in LDAP queries. An authenticated remote attacker can modify LDAP authorization data such as group memberships. Fixed in 1.1.1.
- CVE-2025-35430Sep 17, 2025risk 0.00cvss —epss 0.00
CISA Thorium does not adequately validate the paths of downloaded files via 'download_ephemeral' and 'download_children'. A remote, authenticated attacker could access arbitrary files subject to file system permissions. Fixed in 1.1.2.