VYPR
Vendor

Nerves Hub

Products
2
CVEs
2
Across products
4
Status
Private

Products

2

Recent CVEs

2
  • CVE-2026-28806HigMar 10, 2026
    risk 0.50cvss 8.8epss 0.00

    Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target…

  • CVE-2025-64097Jan 22, 2026
    risk 0.00cvss epss 0.00

    NervesHub is a web service that allows users to manage over-the-air (OTA) firmware updates of devices in the field. A vulnerability present starting in version 1.0.0 and prior to version 2.3.0 allowed attackers to brute-force user API tokens due to the predictable format of…