Skip to main content
CVE-2026-26368 HIGH POC This Week

eNet Smart Home server versions 2.2.1 and 2.3.1 suffer from missing authorization checks in the resetUserPassword JSON-RPC method, allowing any authenticated low-privileged user to reset passwords for administrative accounts without proper verification. Public exploit code exists for this vulnerability, enabling attackers to achieve immediate privilege escalation and gain full administrative control over the smart home system. No patch is currently available, leaving deployed instances vulnerable to account takeover attacks.

Privilege Escalation Enet Smart Home
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-26367 HIGH POC This Week

eNet Smart Home server versions 2.2.1 and 2.3.1 allow authenticated users to delete arbitrary user accounts through an authorization bypass in the deleteUserAccount JSON-RPC method. Any low-privileged user can submit a crafted request to remove other accounts without elevated permissions, and public exploit code exists for this vulnerability. The impact includes unauthorized account deletion and potential denial of service, with no patch currently available.

Authentication Bypass Enet Smart Home
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2025-32062 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32061 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-32059 HIGH This Week

The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. [CVSS 8.8 HIGH]

RCE Buffer Overflow Stack Overflow
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-1750 HIGH This Week

Ecwid by Lightspeed Ecommerce Shopping Cart (WordPress plugin) versions up to 7.0.7. is affected by improper privilege management (CVSS 8.8).

WordPress Privilege Escalation
NVD
CVSS 3.1
8.8
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy