CVE-2026-50214

Same vendor

• CVE-2026-50226 — Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers (5.3 MEDIUM)
• CVE-2026-50225 — The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database (9.1 CRITICAL)
• CVE-2026-50224 — The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making int... (4.9 MEDIUM)
• CVE-2026-50213 — The account validation endpoint /v1/User/validate returns comprehensive user profile data sheets, which can be crawled by iterating predi... (7.5 HIGH)
• CVE-2026-50212 — Weak validation logic within device dissociation API routines allows a remote entity to forcefully unbind unrelated user endpoints, causi... (6.5 MEDIUM)

Same CWE

• CVE-2026-46539 — Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm (5.9 MEDIUM)
• CVE-2026-7792 — The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insuf... (5.3 MEDIUM)
• CVE-2026-8608 — The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Au... (5.3 MEDIUM)
• CVE-2022-4992 — Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors versions VG4.1.1, VG4.0.3, and lower (with VG4.2 partiall... (8.6 HIGH)
• CVE-2026-41577 — authentik is an open-source identity provider (7.5 HIGH)