All Intelligence

Vulnerabilities

CVE analysis, exploit assessments, and patch guidance for critical security vulnerabilities.

139 items

VulnerabilitiesMalwareCampaignsSupply ChainPolicyTools
highVulnerabilityActive

IoT Administrative Credential Exposure: Factory Default and Weak Authentication Paradigm

IoT devices shipping with administrative credentials or defaulting to admin-level access create a persistent authentication bypass that enables complete device compromise. This represents a fundamental architectural failure in IoT security that affects entire device classes and is difficult to remediate post-deployment.

IoT devices (generic class), Smart home devices, Industrial IoT +1
criticalVulnerabilityEmerging

AirSnitch: Cross-Layer Wi-Fi Desynchronization Enables Full MitM Against All Network Scales

AirSnitch exploits fundamental layer 1-2 binding failures in Wi-Fi to perform bidirectional machine-in-the-middle attacks across home, office, and enterprise networks without requiring network membership or proximity constraints. The attack breaks core 802.11 assumptions about client identity synchronization.

Wi-Fi networks (802.11 standard), Home networks, Office networks +1
criticalVulnerabilityActive

Critical Vulnerabilities in Copeland XWEB Devices Enable Remote Code Execution

Multiple critical vulnerabilities in Copeland XWEB and XWEB Pro devices allow attackers to bypass authentication, cause denial-of-service, memory corruption, and execute arbitrary code, posing significant risks to affected systems.

CVE-2026-25085CVE-2026-21718CVE-2026-24663CVE-2026-21389CVE-2026-25111CVE-2026-20742CVE-2026-24517CVE-2026-25195CVE-2026-20910CVE-2026-24689CVE-2026-25109CVE-2026-20902CVE-2026-24695CVE-2026-25105CVE-2026-24452CVE-2026-23702CVE-2026-25721CVE-2026-20764CVE-2026-25196CVE-2026-25037CVE-2026-22877CVE-2026-20797CVE-2026-3037
Copeland XWEB 300D PRO <=1.12.1, Copeland XWEB 500D PRO <=1.12.1