Total CVEs

142,398

Critical Severity

3,966

High Severity

14,271

Last 7 Days

1,816
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 8,521 - 8,540 of 38,803 CVEs
CVE-2026-50207 HIGH - 7.8

The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-3820 HIGH - 7.2

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR.  An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process i...

Published: Jun 04, 2026
Source: NVD
CVE-2026-50206 MEDIUM - 6.8

Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-50205 HIGH - 8.2

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49204 MEDIUM - 6.5

Leftover debug modules contain fixed credentials for internal AWS Cognito test sandboxes, risking asset exploitation.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49203 HIGH - 8.3

Crucial management API endpoints for cellular eSIM allocation do not validate caller authorization, allowing remote profiles to be rewritten or deleted.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49202 HIGH - 8.6

Internal multimedia session archives are accessible without authentication, exacerbated by loose Cross-Origin Resource Sharing (CORS) rules that allow cross-site theft.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49194 HIGH - 8.8

The debugging routine SCREEN_CLICK(5053) enables a connection to skip the standard device login prompt entirely and directly enter an interactive shell interface.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49193 HIGH - 7.5

Overly permissive configuration settings on cloud storage containers expose active telemetry information publicly to the internet.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49192 MEDIUM - 5.4

The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49191 CRITICAL - 9.8

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49190 HIGH - 8.8

The system fails to evaluate instructional permissions over multiple internal operation codes (opcodes), permitting unauthorized application installations or command executions.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-50219 MEDIUM - 4.9

libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur,

Vendor: libexpat project
Product: libexpat
Published: Jun 04, 2026
Source: NVD
CVE-2026-49189 HIGH - 7.8

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49188 CRITICAL - 9.8

The ai_cmd utility executes with full root permissions. It pipes socket inputs directly to popen(), paving the way for unauthenticated users to execute arbitrary root commands.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49187 HIGH - 7.5

The hard-coded APK resource files never expire, and the shared scepter leads to information leaks and potential misuse.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-10805 MEDIUM - 6.7

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description (MUD) URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD U...

Published: Jun 04, 2026
Source: NVD
CVE-2026-49186 CRITICAL - 9.8

The local MQTT broker does not enforce topic-level Access Control Lists (ACLs). This allows any client to subscribe using wildcard characters (# or +) to enumerate hidden network devices or publish rogue control commands.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-49185 CRITICAL - 9.8

The FieldX MDM adb messaging topic passes unverified payloads directly into Runtime.exec(), allowing command/instruction injection.

Vendor: Acer
Product: Connect M6E 5G Portable WiFi Router
Published: Jun 04, 2026
Source: NVD
CVE-2026-48681 MEDIUM - 5.9

OpenStack Ironic through before 35.0.2 allows file overwrite via directory traversal during deployment with a crafted ISO image.

Vendor: OpenStack
Product: Ironic
Published: Jun 04, 2026
Source: NVD