VARIoT IoT vulnerabilities database
| VAR-202606-3962 | CVE-2026-47339 | Apache Software Foundation of APISIX Fraud related to unauthorized authentication in |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
Incorrect Authorization vulnerability in Apache APISIX.
An attacker can capitalise on authz-casdoor plugin under default configuration to authenticate themselves with credentials from a different source.
This issue affects Apache APISIX: from 2.14.1 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue. An attacker could exploit the default settings. This is a problem. 3.17.0 We recommend that you upgrade to .- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software will not stop
| VAR-202606-3918 | CVE-2026-44915 | Apache Software Foundation of APISIX Open redirect vulnerability in |
CVSS V2: - CVSS V3: 6.1 Severity: MEDIUM |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX.
The default configuration of cas-auth in Apache APISIX is vulnerable to phishing and credential theft.
This issue affects Apache APISIX: from 3.0.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue. Apache APISIX This includes accessing untrusted sites. 3.17.0 We recommend that you upgrade to .- Some of the information handled by the software may be leaked to external parties. - Some of the information handled by the software may be overwritten. - The software will not stop
| VAR-202606-3793 | CVE-2026-44087 | Apache Software Foundation of APISIX Inadequate validation of data reliability in |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
Insufficient Verification of Data Authenticity vulnerability in Apache APISIX.
The openid-connect plugin under default configuration has an attack surface that allows the attacker to spoof identity headers allowing the attacker to get unauthorized access the protected resources.
This issue affects Apache APISIX: from 2.3 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue. 3.17.0 It is recommended to upgrade to .- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software will not stop
| VAR-202606-3794 | CVE-2026-44046 | Apache Software Foundation of APISIX Vulnerability in using untrusted sources |
CVSS V2: - CVSS V3: 5.8 Severity: MEDIUM |
Use of Less Trusted Source vulnerability in Apache APISIX.
Attacker can take advantage of wolf-rbac plugin under default configuration to potentially pollute logs with spoofed identity information and exploit IP based access control rules.
This issue affects Apache APISIX: from 1.2.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue. An attacker could exploit this vulnerability in the default settings. 3.17.0 It is recommended to upgrade to .• The information handled by this software will not be leaked to external parties. • Some of the information handled by this software may be rewritten. • This software will not stop
| VAR-202606-3795 | CVE-2026-39999 | Apache Software Foundation of APISIX Spoofing authentication evasion vulnerability in |
CVSS V2: - CVSS V3: 9.1 Severity: CRITICAL |
Authentication Bypass by Spoofing vulnerability in Apache APISIX.
The attacker can completely bypass authentication capitalising on certain configurations of jwt-auth plugin.
This issue affects Apache APISIX: from v2.2 through v3.16.0.
Users are recommended to upgrade to version v3.17.0, which fixes the issue. v3.17.0 We recommend that you upgrade to .- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software will not stop
| VAR-202606-3919 | CVE-2026-39998 | Apache Software Foundation of APISIX Input verification vulnerability in |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
Improper Input Validation vulnerability in Apache APISIX.
The attacker can take advantage of certain configuration in forward-auth plugin to spoof identity headers.
This issue affects Apache APISIX: from 2.12.0 through 3.16.0.
Users are recommended to upgrade to version 3.17.0, which fixes the issue. 3.17.0 It is recommended to upgrade to .- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-3748 | CVE-2026-12390 |
CVSS V2: - CVSS V3: 7.8 Severity: HIGH |
In AzeoTech DAQFactory versions 21.1 and prior, a Type Confusion vulnerability can be exploited by an attacker using specially crafted .ctl files which can result in code execution.
| VAR-202606-4065 | CVE-2026-20246 | Cisco Systems Umbrella Virtual Appliance Vulnerability in privilege management in |
CVSS V2: - CVSS V3: 6.0 Severity: MEDIUM |
A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device.
This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this vulnerability by using certain commands at the CLI. A successful exploit could allow the attacker to elevate privileges to root. root You will be promoted.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software will not stop
| VAR-202606-3945 | CVE-2026-11410 | TP-LINK Technologies of TL-WR940N in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
An authenticated OS command injection vulnerability exists in the BigPond Cable (BPA) WAN configuration module in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. OS A command injection vulnerability exists. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-3835 | CVE-2026-11409 | TP-LINK Technologies of TL-WR940N in the firmware OS Command injection vulnerability |
CVSS V2: - CVSS V3: 7.2 Severity: HIGH |
An authenticated OS command injection vulnerability exists in the IPv6 PPPoE configuration handler in TL-WR940N v6 due to improper sanitization of user input. An attacker with administrative access may exploit this issue to execute arbitrary system commands with elevated privileges. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-1203 | CVE-2026-20262 | Cisco Systems Cisco Catalyst SD-WAN Manager Past traversal vulnerability in |
CVSS V2: - CVSS V3: 6.5 Severity: MEDIUM |
A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system.
This vulnerability exists because the affected software does not properly validate user-supplied input during a file upload process. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected API endpoint of the affected system. A successful exploit could allow the attacker to create or overwrite any file on the underlying operating system. This file could later be used to elevate to root. To exploit this vulnerability, the attacker must have valid credentials with at least a lower-privileged, single-task user account. An attacker could use a specially crafted... root This vulnerability can be used to escalate privileges. • All information handled by this software may be overwritten. • This software will not stop
| VAR-202606-0848 | CVE-2026-12174 | D-Link Corporation of DCS-935L Multiple vulnerabilities in firmware |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: High |
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The exploit is publicly available and could be misused.- All information handled by the software may be leaked to external parties. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-2782 | CVE-2026-9213 | of netgear MR70 FIRMWARE Vulnerabilities related to input confirmation in multiple products such as |
CVSS V2: - CVSS V3: 8.1 Severity: HIGH |
A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-1905 | CVE-2026-9212 | of netgear LBR1020 Multiple vulnerabilities in multiple products, including firmware |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-3957 | CVE-2026-9211 | of netgear CAX30 Vulnerabilities related to input validation in multiple products, such as firmware |
CVSS V2: - CVSS V3: 8.8 Severity: HIGH |
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-2783 | CVE-2026-9210 | of netgear EX3700 Vulnerabilities related to input validation in multiple products, such as firmware |
CVSS V2: - CVSS V3: 4.5 Severity: MEDIUM |
Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. • All information handled by this software may be overwritten. • This software will not stop
| VAR-202606-4111 | CVE-2026-45591 | Microsoft's .NET Vulnerabilities related to resource exhaustion in multiple products, including |
CVSS V2: - CVSS V3: 7.5 Severity: HIGH |
Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network. - No information handled by the software will be rewritten. - The software may completely shut down
| VAR-202606-2971 | CVE-2026-0420 | of netgear RAX120 Vulnerabilities related to flaws in encryption processing across multiple products, including firmware. |
CVSS V2: - CVSS V3: 5.9 Severity: MEDIUM |
An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle (MiTM) style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models. This vulnerability allows an attacker to carry out a man-in-the-middle attack that could affect the confidentiality of the product. MiTM This vulnerability may allow the execution of the following actions. NETGEAR This will affect the model.- All information handled by the software may be leaked to external parties. - No rewriting will occur to the information handled by the software. - The software will not stop
| VAR-202606-3571 | CVE-2026-0419 | of netgear JR6150 Firmware Input Validation Vulnerability |
CVSS V2: - CVSS V3: 8.0 Severity: HIGH |
Insufficient input validation in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018 , and no
further security updates are planned. NETGEAR strongly recommends
replacing these devices with newer NETGEAR models to ensure continued
security support and updates.
This vulnerability has been identified through firmware emulation in a controlled research environment and has not been verified on production hardware. - All information handled by the software may be overwritten. - The software may completely shut down
| VAR-202606-2314 | CVE-2026-0418 | of netgear CBR750 Multiple vulnerabilities in multiple products, including firmware |
CVSS V2: - CVSS V3: 4.5 Severity: Medium |
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network
to tamper with the system. • All information handled by this software may be overwritten. • This software will not stop