NVD Vulnerabilities

Vulnerability Database

| CVE ID | Description | Published | Base Score | Attack Vector | Severity | Actions |
|---|---|---|---|---|---|---|
| CVE-2025-41265 | Nozomi Networks Labs identified a CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in the Administra... | 2026-05-29 | 8.6 | NETWORK | HIGH | NVD |
| CVE-2026-49201 | The upload.cgi binary, responsible for processing device backups, contains a hardcoded AES encryption key. This allows an attacker to decrypt, modify,... | 2026-05-29 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-46579 | A flaw was found in the OpenShift Router. When a Route has `insecureEdgeTerminationPolicy` set to Allow, the HTTP frontend does not remove `X-SSL-Clie... | 2026-05-29 | 7.4 | NETWORK | HIGH | NVD |
| CVE-2026-42965 | A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQD... | 2026-05-29 | 7.7 | NETWORK | HIGH | NVD |
| CVE-2026-10078 | A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically client_id and client_... | 2026-05-29 | 2.7 | NETWORK | LOW | NVD |
| CVE-2026-49200 | The acer_cgi.log file in the device firmware is accessible without authentication via the web interface. This file contains cleartext login credential... | 2026-05-29 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-49199 | Crafted MQTT messages can trigger command injection, resulting in root-level code execution on the target device. | 2026-05-29 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-49198 | Improper access control in the MQTT broker allows wildcard topic subscriptions, exposing all MQTT traffic to unauthorized actors. | 2026-05-29 | 8.3 | NETWORK | HIGH | NVD |
| CVE-2026-49197 | Web endpoints intended for the Acer Connect app improperly validate the HTTP Authorization header, failing to block requests when Base64 decoding fail... | 2026-05-29 | 10.0 | NETWORK | CRITICAL | NVD |
| CVE-2026-49196 | The Wi-Fi device blocking feature fails to sanitize MAC address input, allowing injection and execution of arbitrary shell commands. | 2026-05-29 | 8.6 | NETWORK | HIGH | NVD |
| CVE-2026-49195 | Unauthenticated Debug Service. The /sbin/mtk_dut binary is exposed on TCP port 9000 without authentication, allowing any LAN-based attacker to execute... | 2026-05-29 | 8.7 | ADJACENT | HIGH | NVD |
| CVE-2026-10056 | CORS misconfiguration in the REST API of Network Optix Nx Witness VMS before version 6.1.2, when running in the default Standard security mode, on Lin... | 2026-05-29 | 7.5 | NETWORK | HIGH | NVD |
| CVE-2026-10052 | A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, whic... | 2026-05-29 | 4.1 | NETWORK | MEDIUM | NVD |
| CVE-2026-6324 | A flaw was found in libsoup. A remote attacker could exploit an unsigned to signed conversion error in the `soup_body_input_stream_read_chunked()` fun... | 2026-05-29 | 4.8 | NETWORK | MEDIUM | NVD |
| CVE-2026-8070 | Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in... | 2026-05-29 | 7.3 | LOCAL | HIGH | NVD |