CVE-2026-3564 - ScreenConnect Instance Level Cryptographic Material Exposure
CVE ID :CVE-2026-3564
Published : March 17, 2026, 3:16 p.m. | 3 hours, 31 minutes ago
Description :A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-3564
Published : March 17, 2026, 3:16 p.m. | 3 hours, 31 minutes ago
Description :A condition in ScreenConnect may allow an actor with access to server-level cryptographic material used for authentication to obtain unauthorized access, including elevated privileges, in certain scenarios.
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4318 - UTT HiPER 810G formApLbConfig strcpy buffer overflow
CVE ID :CVE-2026-4318
Published : March 17, 2026, 3:16 p.m. | 3 hours, 31 minutes ago
Description :A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4318
Published : March 17, 2026, 3:16 p.m. | 3 hours, 31 minutes ago
Description :A vulnerability was determined in UTT HiPER 810G up to 1.7.7-171114. Affected is the function strcpy of the file /goform/formApLbConfig. This manipulation of the argument loadBalanceNameOld causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21886 - OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities
CVE ID :CVE-2026-21886
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this mutation can be misused to delete unrelated and sensitive objects such as analyses reports etc. This behavior stems from the lack of validation in the API to ensure that the targeted object is contextually related to the mutation being executed. Version 6.9.1 fixes the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21886
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.9.1, the GraphQL mutations "IndividualDeletionDeleteMutation" is intended to allow users to delete individual entity objects respectively. However, it was observed that this mutation can be misused to delete unrelated and sensitive objects such as analyses reports etc. This behavior stems from the lack of validation in the API to ensure that the targeted object is contextually related to the mutation being executed. Version 6.9.1 fixes the issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-23759 - Perle IOLAN STS/SCS Authenticated Command Injection via 'shell ps'
CVE ID :CVE-2026-23759
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-23759
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :Perle IOLAN STS/SCS terminal server models with firmware versions prior to 6.0 allow authenticated OS command injection via the restricted shell accessed over Telnet or SSH. The shell 'ps' command does not perform proper argument sanitization and passes user-supplied parameters into an 'sh -c' invocation running as root. An authenticated attacker who can log in to the device can inject shell metacharacters after the 'ps' subcommand to execute arbitrary OS commands with root privileges, leading to full compromise of the underlying operating system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-24901 - Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts
CVE ID :CVE-2026-24901
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-24901
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :Outline is a service that allows for collaborative documentation. Prior to 1.4.0, an Insecure Direct Object Reference (IDOR) vulnerability in the document restoration logic allows any team member to unauthorizedly restore, view, and seize ownership of deleted drafts belonging to other users, including administrators. By bypassing ownership validation during the restore process, an attacker can access sensitive private information and effectively lock the original owner out of their own content. Version 1.4.0 fixes the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-28506 - Outline's Information Disclosure in Activity Logs allows User Enumeration of Private Drafts
CVE ID :CVE-2026-28506
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user's actual permissions on those documents. While the document content is not directly exposed, this vulnerability leaks sensitive metadata (such as Document IDs, user activity timestamps, and in some specific cases like the Document Title of Permanent Delete). Crucially, leaking valid Document IDs of deleted drafts removes the protection of UUID randomness, making High-severity IDOR attacks (such as the one identified in documents.restore) trivially exploitable by lowering the attack complexity. Version 1.5.0 fixes the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-28506
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :Outline is a service that allows for collaborative documentation. Prior to 1.5.0, the events.list API endpoint, used for retrieving activity logs, contains a logic flaw in its filtering mechanism. It allows any authenticated user to retrieve activity events associated with documents that have no collection (e.g., Private Drafts, Deleted Documents), regardless of the user's actual permissions on those documents. While the document content is not directly exposed, this vulnerability leaks sensitive metadata (such as Document IDs, user activity timestamps, and in some specific cases like the Document Title of Permanent Delete). Crucially, leaking valid Document IDs of deleted drafts removes the protection of UUID randomness, making High-severity IDOR attacks (such as the one identified in documents.restore) trivially exploitable by lowering the attack complexity. Version 1.5.0 fixes the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4147 - Stack memory disclosure in filemd5 command
CVE ID :CVE-2026-4147
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4147
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-4148 - ExpressionContext use-after-free in classic engine $lookup and $graphLookup aggregation operators
CVE ID :CVE-2026-4148
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-4148
Published : March 17, 2026, 4:16 p.m. | 2 hours, 31 minutes ago
Description :A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25771 - Wazuh Vulnerable to Denial of Service via Synchronous I/O Blocking in Asynchronous Authentication Middleware
CVE ID :CVE-2026-25771
Published : March 17, 2026, 6:08 p.m. | 38 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous event loop (Starlette/Asyncio) to call a synchronous function (`generate_keypair`) that performs blocking disk I/O on every request containing a Bearer token. An unauthenticated remote attacker can exploit this by flooding the API with requests containing invalid Bearer tokens. This forces the single-threaded event loop to pause for file read operations repeatedly, starving the application of CPU resources and potentially preventing it from accepting or processing legitimate connections. Version 4.14.3 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-25771
Published : March 17, 2026, 6:08 p.m. | 38 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.3.0 and prior to version 4.14.3, a Denial of Service (DoS) vulnerability exists in the Wazuh API authentication middleware (`middlewares.py`). The application uses an asynchronous event loop (Starlette/Asyncio) to call a synchronous function (`generate_keypair`) that performs blocking disk I/O on every request containing a Bearer token. An unauthenticated remote attacker can exploit this by flooding the API with requests containing invalid Bearer tokens. This forces the single-threaded event loop to pause for file read operations repeatedly, starving the application of CPU resources and potentially preventing it from accepting or processing legitimate connections. Version 4.14.3 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25772 - Wazuh Database Synchronization Vulnerable to Stack-based Buffer Overflow via snprintf Integer Underflow
CVE ID :CVE-2026-25772
Published : March 17, 2026, 6:11 p.m. | 36 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of `snprintf`. If a specific database synchronization payload exceeds the size of the query buffer (2048 bytes), the size calculation wraps around to a massive integer, effectively removing bounds checking for subsequent writes. This allows an attacker to corrupt the stack, leading to a Denial of Service (DoS) or potentially RCE. Version 4.14.3 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-25772
Published : March 17, 2026, 6:11 p.m. | 36 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.14.3, a stack-based buffer overflow vulnerability exists in the Wazuh Database synchronization module (`wdb_delta_event.c`). The SQL query construction logic allows for an integer underflow when calculating the remaining buffer size. This occurs because the code incorrectly aggregates the return value of `snprintf`. If a specific database synchronization payload exceeds the size of the query buffer (2048 bytes), the size calculation wraps around to a massive integer, effectively removing bounds checking for subsequent writes. This allows an attacker to corrupt the stack, leading to a Denial of Service (DoS) or potentially RCE. Version 4.14.3 fixes the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21570 - Atlassian Bamboo Data Center Remote Code Execution Vulnerability
CVE ID :CVE-2026-21570
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system. Atlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center 9.6: Upgrade to a release greater than or equal to 9.6.24 Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16 Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was reported via our Atlassian (Internal) program.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-21570
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 9.6.0, 10.0.0, 10.1.0, 10.2.0, 11.0.0, 11.1.0, 12.0.0, and 12.1.0 of Bamboo Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.6, allows an authenticated attacker to execute malicious code on the remote system. Atlassian recommends that Bamboo Data Center customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bamboo Data Center 9.6: Upgrade to a release greater than or equal to 9.6.24 Bamboo Data Center 10.2: Upgrade to a release greater than or equal to 10.2.16 Bamboo Data Center 12.1: Upgrade to a release greater than or equal to 12.1.3 See the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center from the download center ([https://www.atlassian.com/software/bamboo/download-archives]). This vulnerability was reported via our Atlassian (Internal) program.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25534 - Spinnaker clouddriver and orca URL validation bypass via underscores in hostnames
CVE ID :CVE-2026-25534
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) through the use of carefully crafted URLs. Note, Spinnaker found this not just in that CVE, but in the existing URL validations in Orca fromUrl expression handling. This CVE impacts BOTH artifacts as a result. ### Patches This has been merged and will be available in versions 2025.4.1, 2025.3.1, 2025.2.4 and 2026.0.0. ### Workarounds You can disable the various artifacts on this system to work around these limits.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-25534
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :### Impact Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916) through the use of carefully crafted URLs. Note, Spinnaker found this not just in that CVE, but in the existing URL validations in Orca fromUrl expression handling. This CVE impacts BOTH artifacts as a result. ### Patches This has been merged and will be available in versions 2025.4.1, 2025.3.1, 2025.2.4 and 2026.0.0. ### Workarounds You can disable the various artifacts on this system to work around these limits.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25769 - Wazuh Cluster vulnerable to Remote Code Execution via Insecure Deserialization
CVE ID :CVE-2026-25769
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-25769
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Versions 4.0.0 through 4.14.2 have a Remote Code Execution (RCE) vulnerability due to Deserialization of Untrusted Data). All Wazuh deployments using cluster mode (master/worker architecture) and any organization with a compromised worker node (e.g., through initial access, insider threat, or supply chain attack) are impacted. An attacker who gains access to a worker node (through any means) can achieve full RCE on the master node with root privileges. Version 4.14.3 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25770 - Wazuh has Privilege Escalation to Root via Cluster Protocol File Write
CVE ID :CVE-2026-25770
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticated nodes to write arbitrary files to the manager’s file system with the permissions of the `wazuh` system user. Due to insecure default permissions, the `wazuh` user has write access to the manager's main configuration file (`/var/ossec/etc/ossec.conf`). By leveraging the cluster protocol to overwrite `ossec.conf`, an attacker can inject a malicious `` command block. The `wazuh-logcollector` service, which runs as root, parses this configuration and executes the injected command. This chain allows an attacker with cluster credentials to gain full Root Remote Code Execution, violating the principle of least privilege and bypassing the intended security model. Version 4.14.3 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-25770
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 3.9.0 and prior to version 4.14.3, a privilege escalation vulnerability exists in the Wazuh Manager's cluster synchronization protocol. The `wazuh-clusterd` service allows authenticated nodes to write arbitrary files to the manager’s file system with the permissions of the `wazuh` system user. Due to insecure default permissions, the `wazuh` user has write access to the manager's main configuration file (`/var/ossec/etc/ossec.conf`). By leveraging the cluster protocol to overwrite `ossec.conf`, an attacker can inject a malicious `` command block. The `wazuh-logcollector` service, which runs as root, parses this configuration and executes the injected command. This chain allows an attacker with cluster credentials to gain full Root Remote Code Execution, violating the principle of least privilege and bypassing the intended security model. Version 4.14.3 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32290 - GL-iNet Comet (GL-RM1) KVM insufficient firmware verification
CVE ID :CVE-2026-32290
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-32290
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM does not sufficiently verify the authenticity of uploaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding MD5 hash to pass verification.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32291 - GL-iNet Comet (GL-RM1) KVM unauthenticated root access via UART serial console
CVE ID :CVE-2026-32291
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-32291
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32292 - GL-iNet Comet (GL-RM1) KVM insufficient login rate-limiting
CVE ID :CVE-2026-32292
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-32292
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM web interface does not limit login requests, enabling brute-force attempts to guess credentials.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32293 - GL-iNet Comet (GL-RM1) KVM insufficient certificate validation
CVE ID :CVE-2026-32293
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-32293
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :The GL-iNet Comet (GL-RM1) KVM connects to a GL-iNet site during boot-up to provision client and CA certificates. The GL-RM1 does not verify certificates used for this connection, allowing an attacker-in-the-middle to serve invalid client and CA certificates. The GL-RM1 will attempt to use the invalid certificates and fail to connect to the legitimate GL-iNet KVM cloud service.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32294 - JetKVM insufficient firmware verification
CVE ID :CVE-2026-32294
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-32294
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :JetKVM prior to 0.5.4 does not verify the authenticity of downloaded firmware files. An attacker-in-the-middle or a compromised update server could modify the firmware and the corresponding SHA256 hash to pass verification.
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32295 - JetKVM insufficient login rate limiting
CVE ID :CVE-2026-32295
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-32295
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :JetKVM before 0.5.4 does not rate limit login requests, enabling brute-force attempts to guess credentials.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-32296 - Sipeed NanoKVM unauthenticated Wi-Fi configuration endpoint
CVE ID :CVE-2026-32296
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate the KVM process.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID :CVE-2026-32296
Published : March 17, 2026, 6:16 p.m. | 31 minutes ago
Description :Sipeed NanoKVM before 2.3.1 exposes a Wi-Fi configuration endpoint without proper security checks, allowing an unauthenticated attacker with network access to change the saved configured Wi-Fi network to one of the attacker's choosing, or craft a request to exhaust the system memory and terminate the KVM process.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...