CVE-2026-13385
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the
CVSS
—
No CVSS
EPSS
0.1%
p1
KEV
—
Exploit Today
0
0-100
Published: Jul 15, 2026 · Last modified: Jul 16, 2026 · CWE-295 · CWE-354
0.1%EPSS · 30 days0.1%
2026-07-152026-07-16
An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middle(MITM) user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware ' section on the ASUS Security Advisory for more information.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2023-278239.8 CRI98.9%
——30An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.8dCVE-2024-37278.3 HIG66.7%
——20A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing resource exhaustion, local path traversal, and other attacks.17dCVE-2022-477589.8 CRI62.6%
——19Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack.8dCVE-2026-219457.5 HIG54.5%
——16Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and 21.0.9; Oracle GraalVM Enterprise Edition: 21.3.16. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).2dCVE-2023-424259.8 CRI53.5%
——16An issue in Turing Video Turing Edge+ EVC5FD v.1.38.6 allows remote attacker to execute arbitrary code and obtain sensitive information via the cloud connection components.8dCVE-2026-33367.5 HIG51.5%
——15Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer.
Customers of AWS services do not need to take action. Applications using AWS-LC should upgrade to AWS-LC version 1.69.0.2d