Common Vulnerabilities and Exposures (CVE)

CVE-2026-50214

Jun 4, 2026 09:20:37 UTC

The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.

CVE-2026-4881

Jun 4, 2026 08:49:59 UTC

In affected versions of Octopus Server, permissions were not checked correctly, resulting in any authenticated user being able to make server-level changes using a certain API endpoint despite receiving an error.

CVE-2025-62581

Jun 4, 2026 08:28:41 UTC

Delta Electronics DIAView has multiple vulnerabilities.

CVE-2025-62582

Jun 4, 2026 08:26:58 UTC

Delta Electronics DIAView has multiple vulnerabilities.

CVE-2026-3820

Jun 4, 2026 08:07:57 UTC

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the under...

CVE-2026-50213

Jun 4, 2026 07:39:21 UTC

The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings.

CVE-2026-50212

Jun 4, 2026 07:32:55 UTC

Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.

CVE-2026-50211

Jun 4, 2026 07:28:12 UTC

Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers.

CVE-2026-50210

Jun 4, 2026 07:22:44 UTC

The device encrypts data using AES-CBC with static zero-filled Initialization Vectors (IVs), making it susceptible to replay attacks and known-plaintext decryption.

CVE-2026-50209

Jun 4, 2026 07:17:54 UTC

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker.

CVE-2025-11960

Jun 4, 2026 07:14:14 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryom Software High Technology Systems Inc. KVKNET allows Reflected XSS. This issue affects KVKNET: before 2.1.8.

CVE-2025-11962

Jun 4, 2026 07:13:02 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Digital Corporate Warehouse allows Stored XSS. This issue affects Digital Corporate Wareh...

CVE-2025-11963

Jun 4, 2026 07:10:04 UTC

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities allows Reflected XSS. This issue affects StarCities: before 1.1.61.

CVE-2026-50208

Jun 4, 2026 07:09:45 UTC

High-risk TrustAllCerts routines disable standard TLS certificate validation. Combined with hard-coded DES symmetric encryption keys, a Man-in-the-Middle (MITM) actor could decrypt network traffic.

CVE-2025-12059

Jun 4, 2026 07:08:51 UTC

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Logo Software Industry and Trade Inc. Logo j-Platform allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affe...