239 matches found
EUVD-2025-19647
Malicious code in bioql PyPI...
EUVD-2025-19640
Malicious code in bioql PyPI...
EUVD-2025-19641
Malicious code in bioql PyPI...
EUVD-2025-19642
Malicious code in bioql PyPI...
EUVD-2025-19643
Malicious code in bioql PyPI...
EUVD-2025-19631
Malicious code in bioql PyPI...
EUVD-2024-31208
Malicious code in bioql PyPI...
EUVD-2024-31209
Malicious code in bioql PyPI...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-50110
CVE-2025-50110 affects AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive data (internal server URLs, account IDs, passwords, device tokens) as plaintext in URL query parameters over HTTPS, creating a cleartext leakage risk and credential exposure. The vulnerability is d...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-46408
CVE-2025-46408 affects AVTECH EagleEyes 2.0.0. The vulnerability arises in AVTECH’s code paths push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient, where the code calls ALLOW_ALL_HOSTNAME_VERIFIER, bypassing hostname/domain validation during ...
PT-2025-37565
Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes Lite version 2.0.0 Description: The GetHttpsResponse method transmits sensitive information – including internal server URLs, account IDs, passwords, and device tokens – as plaintext query parameters over HTTPS. The affected...
PT-2025-37564
Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0 Description: An issue was discovered in the GetHttpsResponse method of push.lite.avtech.com.AvtechLib and the getNewHttpClient method of push.lite.avtech.com.Push HttpService. These methods set ALLOW ALL HOSTNAM...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...