The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2024-55019 - Incorrect access control in the component download_wb.cgi of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows unauthenticated attackers to download arbitrary files.
    Published: March 03, 2026; 3:16:40 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2024-55020 - A command injection vulnerability in the DHCP activation feature of Weintek cMT-3072XH2 easyweb Web Version v2.1.53, OS v20231011 allows attackers to execute arbitrary commands with root privileges.
    Published: March 03, 2026; 3:16:40 PM -0500

  • CVE-2024-55024 - An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform administrative actions using service accounts.
    Published: March 03, 2026; 3:16:41 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2024-55025 - Incorrect access control in the VNC component of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to access the HMI system.
    Published: March 03, 2026; 3:16:41 PM -0500

  • CVE-2024-55026 - An issue in the reset_pj.cgi endpoint of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to execute arbitrary commands via supplying a crafted GET request.
    Published: March 03, 2026; 3:16:41 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-28270 - Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file ty...
    Published: February 27, 2026; 4:16:18 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2026-28271 - Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks configuration functionality allows bypassing of SSRF protections through DNS rebinding attacks. Malicious administrators could exploit this to access i...
    Published: February 27, 2026; 4:16:18 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-28272 - Kiteworks is a private data network (PDN). Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes ...
    Published: February 27, 2026; 4:16:18 PM -0500

    V3.1: 4.8 MEDIUM

  • CVE-2026-3342 - An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow an authenticated privileged administrator to execute arbitrary code with root permissions via an exposed management interface. This vulnerability affects Fireware OS 11.9 up...
    Published: March 03, 2026; 9:15:56 AM -0500

    V3.1: 7.2 HIGH

  • CVE-2025-28164 - Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via png_create_read_struct() function.
    Published: January 27, 2026; 11:16:14 AM -0500

  • CVE-2026-3343 - A reflected cross-site scripting (XSS) vulnerability in the Fireware OS Web UI enabled execution of malicious JavaScript in the context of an authenticated management user's browser when they click on a specially crafted link. This vulnerability ...
    Published: March 03, 2026; 9:15:57 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2026-3344 - A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package. This issue affects Fireware OS 12.0 up to and i...
    Published: March 03, 2026; 9:15:57 AM -0500

    V3.1: 4.9 MEDIUM

  • CVE-2025-47371 - Transient DOS when an LTE RLC packet with invalid TB is received by UE.
    Published: March 02, 2026; 12:16:23 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2025-47383 - Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.
    Published: March 02, 2026; 12:16:26 PM -0500

    V3.1: 7.2 HIGH

  • CVE-2026-27482 - Ray is an AI compute engine. In versions 2.53.0 and below, the dashboard HTTP server blocks browser-origin POST/PUT but does not cover DELETE, and key DELETE endpoints are unauthenticated by default. If the dashboard/agent is reachable (e.g., --das...
    Published: February 21, 2026; 5:16:12 AM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2024-55027 - Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 was discovered to store credentials in plaintext in the component uac_temp.db.
    Published: March 03, 2026; 3:16:41 PM -0500

  • CVE-2025-44141 - A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.
    Published: June 26, 2025; 12:15:28 PM -0400

  • CVE-2025-13490 - IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 ...
    Published: March 03, 2026; 3:16:42 PM -0500

    V3.1: 5.9 MEDIUM

  • CVE-2025-13734 - IBM Engineering Requirements Management DOORS Next 7.1 and 7.2 could allow an authenticated user to view and edit data beyond their authorized access permissions.
    Published: March 03, 2026; 3:16:42 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-47373 - Memory Corruption when accessing buffers with invalid length during TA invocation.
    Published: March 02, 2026; 12:16:23 PM -0500

    V3.1: 7.8 HIGH

Created September 20, 2022, Updated August 27, 2024