|
3021
|
7.3 |
HIGH
Network
|
-
|
-
|
Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to …
|
CWE-77
Command Injection
|
CVE-2026-36540
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3022
|
7.3 |
HIGH
Network
|
-
|
-
|
Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the L…
|
CWE-200
Information Exposure
|
CVE-2026-36539
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3023
|
7.3 |
HIGH
Network
|
-
|
-
|
Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacke…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2026-36538
|
2026-05-28 23:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3024
|
6.5 |
MEDIUM
Network
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, pam_usb builds XPath expressions from user-supplied identifiers (PAM username, service name) and dev…
|
CWE-91
Blind XPath Injection
|
CVE-2026-47273
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3025
|
6.3 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, multiple pam_usb helper tools resolved external binaries through the PATH environment variable rathe…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-47274
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3026
|
5.7 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/log.c contains a process-wide static pointer that is written on every PAM invocation with the ad…
|
CWE-362
CWE-476
Race Condition
NULL Pointer Dereference
|
CVE-2026-48066
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3027
|
5.1 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, src/mem.c implemented out-of-memory guards for xmalloc(), xrealloc(), and xstrdup() using assert(dat…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-47271
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3028
|
7.1 |
HIGH
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.0, the pusb_pad_compare() function in src/pad.c only verified that the user-side pad (~/.pamusb/device.…
|
CWE-287
CWE-908
Improper Authentication
Use of Uninitialized Resource
|
CVE-2026-47272
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3029
|
6.7 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/conf.c allocates heap memory proportional to n_devices, a count derived from libxml2 XPath evalu…
|
CWE-122
CWE-190
Heap-based Buffer Overflow
Integer Overflow or Wraparound
|
CVE-2026-48065
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3030
|
4.4 |
MEDIUM
Local
|
-
|
-
|
pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.9.1, src/evdev.c silently ignores EACCES errors when opening /dev/input/event* nodes, causing pusb_has_vi…
|
CWE-390
CWE-693
Detection of Error Condition Without Action
Protection Mechanism Failure
|
CVE-2026-48792
|
2026-05-28 22:57 |
2026-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
