Export limit exceeded: 355872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 355872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 355872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 355872 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (26 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2026-50212 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 6.5 Medium
Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causing severe denial of service.
CVE-2026-50213 1 Acer 3 Connect M6e 5g, Connect M6e 5g Firmware, Connect M6e 5g Portable Wifi Router 2026-06-05 7.5 High
The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predictable identification strings.
CVE-2026-50214 1 Acer 1 Connect M6e 5g Portable Wifi Router 2026-06-05 N/A
The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans.
CVE-2026-50224 1 Acer 1 Connect M6e 5g Portable Wifi Router 2026-06-05 N/A
The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN.
CVE-2026-50225 1 Acer 1 Connect M6e 5g Portable Wifi Router 2026-06-05 N/A
The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database.
CVE-2026-50226 1 Acer 1 Connect M6e 5g Portable Wifi Router 2026-06-05 N/A
Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links.