1991 matches found
CVE-2025-2344
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The...
CVE-2025-2355
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...
CVE-2025-2355 BlackVue App API Endpoint credentials storage
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...
CVE-2025-2355 BlackVue App API Endpoint credentials storage
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCSTOKEN/SECRETKEY leads to unprotected storage of credentials. Local access is...
CVE-2025-2355
The CVE-2025-2355 entry concerns BlackVue App 3.65 on Android. The vulnerability affects an unknown portion of the API Endpoint Handler where manipulating BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is required, and public disclosure of the exploit is indicated....
CVE-2025-2344 IROAD Dash Cam X5/Dash Cam X6 API Endpoint missing authentication
A vulnerability, which was classified as critical, has been found in IROAD Dash Cam X5 and Dash Cam X6 up to 20250308. Affected by this issue is some unknown functionality of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remotely. The...
CVE-2025-2344
CVE-2025-2344 affects IROAD Dash Cam X5 and X6, where an API Endpoint with missing authentication (access control error) enables remote exploitation. Public descriptions consistently note a critical classification and remote abuse potential, but do not provide concrete remediation details in the ...
CVE-2025-2342
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2025-2342 IROAD X5 Mobile App API Endpoint hard-coded credentials
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2025-2342 IROAD X5 Mobile App API Endpoint hard-coded credentials
A vulnerability classified as critical has been found in IROAD X5 Mobile App up to 5.2.5 on Android. Affected is an unknown function of the component API Endpoint. The manipulation leads to hard-coded credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2025-29995
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-25711
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the /tnexus/rest/admin/updateUser API endpoint...
CVE-2025-29998
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP...
CVE-2025-29995
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targete...
CVE-2025-29994
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to...
CVE-2025-29998 No Rate Limiting Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP...
CVE-2025-29998
CVE-2025-29998 affects the CAP back office application. The vulnerability arises from missing rate limiting on OTP requests in a vulnerable API endpoint, allowing an authenticated remote attacker to trigger repeated OTP requests and cause OTP bombing/flooding on the targeted system. Connected sou...
CVE-2025-29998 No Rate Limiting Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP...
CVE-2025-29994
CVE-2025-29994 affects the CAP back office application. The root cause is an improper authentication check at an API endpoint, allowing an unauthenticated remote attacker with a valid login ID to manipulate API input parameters via URL/payload and gain unauthorized access to other user accounts. ...
CVE-2025-29994 Improper Authentication Vulnerability in CAP back office application
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to...