CVE-2026-32295 is a high-severity vulnerability in JetKVM, a KVM device, which did not rate limit login requests prior to version 0.5.4. This oversight enables attackers to perform brute-force attempts to guess credentials. The vulnerability was publicly disclosed on March 17, 2026, and was modified on March 24, 2026. The Common Vulnerability Scoring System (CVSS) score for this vulnerability is 7.5, indi [truncated]
CVE-2026-32294 is a medium-severity vulnerability affecting JetKVM, a KVM solution. The vulnerability arises from the lack of authenticity verification for downloaded firmware files in JetKVM versions prior to 0.5.4. This oversight allows an attacker-in-the-middle or a compromised update server to modify the firmware and its corresponding SHA256 hash, thereby passing verification. The vulnerability was pu [truncated]
