301 matches found
EUVD-2025-23868
Malicious code in bioql PyPI...
EUVD-2025-20306
Malicious code in bioql PyPI...
EUVD-2025-19198
Malicious code in bioql PyPI...
MAL-2025-37253 Malicious code in ts2c-target-arduino (npm)
The package ts2c-target-arduino was found to contain malicious code...
Malicious code in ts2c-target-arduino (npm)
The package ts2c-target-arduino was found to contain malicious code...
CVE-2025-50740
AutoConnect 1.4.2, an Arduino library, is vulnerable to a cross-site scripting (XSS) vulnerability. The AutoConnect web interface /_ac/config allows HTML/JS code to be executed via a crafted network SSID...
AutoConnect security vulnerability
AutoConnect is an Arduino library by the individual developer Hieromon Ikasamo. A security vulnerability exists in AutoConnect version 1.4.2: the web interface at /_ac/config allows HTML/JS code embedded in a specially crafted network SSID to execute, potentially leading to...
PT-2025-32215 · Unknown · Autoconnect
Name of the Vulnerable Software and Affected Versions: AutoConnect version 1.4.2 Description: AutoConnect, an Arduino library, contains a cross-site scripting (XSS) issue. A crafted network SSID can execute HTML/JS code through the AutoConnect web interface /_ac/config. Recommendations: At the...
CVE-2025-50740
CVE-2025-50740 affects AutoConnect 1.4.2 (Arduino library) due to a cross-site scripting (XSS) flaw in the web interface at /_ac/config. A crafted network SSID can cause HTML/JS in the SSID to execute in the user’s browser. Descriptions and PoC indicate an attacker could trigger script execution ...
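The entries above all describe the same root cause: an SSID, which any nearby access point can set to up to 32 arbitrary bytes, is written into the /_ac/config page without escaping. The following is an added example, not AutoConnect's own code, showing the unsafe concatenation beside an escaping routine applied at the point of output. It is plain C++ so it compiles stand-alone with g++ and can be dropped into an Arduino sketch; the function names and the sample SSID are constructed for illustration.

```cpp
// Added example (not AutoConnect's code): escaping an untrusted Wi-Fi SSID
// before embedding it in an HTML page such as an access-point picker.
#include <cstdio>
#include <string>

// Hypothetical helper. Escapes every character with meaning in HTML text or
// attribute context and replaces control bytes, since an SSID is raw bytes,
// not guaranteed printable text. Multi-byte UTF-8 passes through unchanged.
std::string htmlEscapeSsid(const std::string& ssid) {
    std::string out;
    out.reserve(ssid.size() * 6);
    for (unsigned char c : ssid) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '>':  out += "&gt;";   break;
            case '"':  out += "&quot;"; break;
            case '\'': out += "&#39;";  break;
            default:
                if (c < 0x20 || c == 0x7F) {
                    out += '?';                      // drop control bytes
                } else {
                    out += static_cast<char>(c);     // printable ASCII / UTF-8
                }
        }
    }
    return out;
}

// The vulnerable pattern: the SSID goes into markup verbatim, in both an
// attribute and a text node, so either context can break out.
std::string renderUnsafe(const std::string& ssid) {
    return "<option value=\"" + ssid + "\">" + ssid + "</option>";
}

// The hardened pattern: escape once, at output time.
std::string renderSafe(const std::string& ssid) {
    const std::string e = htmlEscapeSsid(ssid);
    return "<option value=\"" + e + "\">" + e + "</option>";
}

// Constructed sample SSID, as a rogue access point might broadcast it.
const std::string kHostileSsid = "<script>alert(1)</script>";

int main() {
    std::printf("unsafe: %s\n", renderUnsafe(kHostileSsid).c_str());
    std::printf("safe:   %s\n", renderSafe(kHostileSsid).c_str());
    return 0;
}
```

Escaping the quote characters matters as much as the angle brackets: the SSID also lands inside `value="..."`, where a double quote alone is enough to start a new attribute such as an event handler.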
CVE-2025-53540
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploa...
CVE-2025-49604
For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented...
CVE number withdrawn
Realtek Ameba-AIoT ameba-arduino-d and Realtek Ameba-AIoT ameba-rtos-d are both IoT development board SDKs from Realtek Semiconductor (Realtek), China. This CVE number has been withdrawn...
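The CVE-2025-49604 description above says the WLAN driver's defragment routine did not validate the size of incoming fragments before copying them into the reassembly buffer. The following is an added example, not Realtek's driver code, of the bounded reassembly a practitioner would expect to see: the fragment length is checked against the remaining room before each copy, and a frame that would not fit is discarded. Structure and names (`DefragBuffer`, `defragAppend`, `reassemble`, `demo`) are hypothetical, and the fragment lengths fed in are constructed.

```cpp
// Added example (not Realtek's code): bounded 802.11 fragment reassembly
// into a fixed-size heap buffer.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

struct Fragment {
    const uint8_t* data;
    size_t len;          // comes from the frame header, i.e. peer-controlled
};

// One reassembly slot, as a driver's defrag queue would hold per sender.
struct DefragBuffer {
    std::vector<uint8_t> storage;   // heap allocation of fixed capacity
    size_t used = 0;
    explicit DefragBuffer(size_t capacity) : storage(capacity) {}
};

// Copies a fragment in only if it fits. Computing the remaining room first
// avoids the integer overflow that `used + len > capacity` can hit when
// len is huge. On failure the partial frame is discarded rather than kept.
bool defragAppend(DefragBuffer& buf, const Fragment& frag) {
    const size_t room = buf.storage.size() - buf.used;
    if (frag.len > room) {
        buf.used = 0;
        return false;
    }
    std::memcpy(buf.storage.data() + buf.used, frag.data, frag.len);
    buf.used += frag.len;
    return true;
}

// Feeds a whole fragment sequence; returns the reassembled length, or -1 if
// any fragment would have overrun the buffer.
long reassemble(DefragBuffer& buf, const std::vector<Fragment>& frags) {
    buf.used = 0;
    for (const Fragment& f : frags)
        if (!defragAppend(buf, f)) return -1;
    return static_cast<long>(buf.used);
}

// Constructed driver: a slot of `capacity` bytes fed the given fragment
// lengths. Fragment contents are irrelevant to the size check, so every
// fragment points at the same filler bytes (sized so accepted copies are
// always in bounds on the source side too).
long demo(size_t capacity, const std::vector<size_t>& lens) {
    std::vector<uint8_t> blob(capacity, 0xAB);
    std::vector<Fragment> frags;
    for (size_t n : lens) frags.push_back(Fragment{blob.data(), n});
    DefragBuffer buf(capacity);
    return reassemble(buf, frags);
}

int main() {
    return demo(1500, {700, 700, 200}) == -1 ? 0 : 1;   // oversized frame rejected
}
```

The last test case below (a fragment claiming SIZE_MAX bytes) is the one that distinguishes the subtraction form of the check from the naive addition form, which would wrap around and pass.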
CVE-2025-53540
The CVE-2025-53540 entry concerns arduino-esp32 (Arduino core for ESP32/variants). Several OTA update examples and the HTTPUpdateServer allow POST requests without CSRF protection, enabling an attacker to upload arbitrary firmware and achieve remote code execution (RCE). Affected versions are pri...
CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update endpoints accept POST requests for firmware uploa...
PT-2025-28253 · Arduino · Arduino-Esp32
Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.2.1 Description: The issue affects several OTA update examples and the HTTPUpdateServer implementation in the arduino-esp32 core, allowing an attacker to upload and execute arbitrary firmware due to a lack of...
arduino-esp32 cross-site request forgery vulnerability
arduino-esp32 is Espressif's open source Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2. A cross-site request forgery vulnerability exists in arduino-esp32 versions prior to 3.2.1, which stems from an update endpoint accepting a POST request without CSRF protection...
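The CVE-2025-53540 entries above describe an update endpoint that accepts any POST carrying a firmware image. Requiring POST does not help against CSRF: a page on any site can auto-submit an HTML form to the device, and if the device uses HTTP Basic authentication the victim's browser attaches the cached credentials on its own. The following is an added example, not arduino-esp32's code, of the two checks a practitioner would add to such a handler: a per-session anti-CSRF token the forged form cannot know, and a same-origin check on the Origin/Referer header as defence in depth. `Request` stands in for the Arduino WebServer request object, all function names are hypothetical, and the sample requests and token are constructed.

```cpp
// Added example (not arduino-esp32's code): CSRF checks for a firmware
// update handler, modelled in plain C++.
#include <cstdio>
#include <map>
#include <string>

struct Request {
    std::string method;
    std::map<std::string, std::string> headers;  // header names lower-cased
    std::string formToken;                       // hidden field posted with the form
};

enum class Verdict { Accept, WrongMethod, CrossOrigin, MissingToken, BadToken };

// True only if src is exactly origin or a URL under it, so a prefix trick
// like "http://esp32.local.attacker.example" does not pass.
static bool sameOrigin(const std::string& src, const std::string& origin) {
    if (src.compare(0, origin.size(), origin) != 0) return false;
    return src.size() == origin.size() || src[origin.size()] == '/';
}

// No early exit, so a wrong token cannot be guessed byte by byte by timing.
static bool constantTimeEqual(const std::string& a, const std::string& b) {
    if (a.size() != b.size()) return false;
    unsigned char diff = 0;
    for (size_t i = 0; i < a.size(); ++i)
        diff |= static_cast<unsigned char>(a[i]) ^ static_cast<unsigned char>(b[i]);
    return diff == 0;
}

// deviceOrigin: scheme+host the device serves on. sessionToken: random value
// the device generated when it served the update page (stored server-side).
Verdict checkUpdateRequest(const Request& req,
                           const std::string& deviceOrigin,
                           const std::string& sessionToken) {
    if (req.method != "POST") return Verdict::WrongMethod;

    // Browsers add Origin (or at least Referer) to cross-site form posts.
    // If either is present it must match the device; a scripted client that
    // sends neither is judged on the token alone.
    auto h = req.headers.find("origin");
    if (h == req.headers.end()) h = req.headers.find("referer");
    if (h != req.headers.end() && !sameOrigin(h->second, deviceOrigin))
        return Verdict::CrossOrigin;

    // The primary check: a cross-site page cannot read the token, so it
    // cannot put it in the forged form.
    if (req.formToken.empty()) return Verdict::MissingToken;
    if (!constantTimeEqual(req.formToken, sessionToken)) return Verdict::BadToken;
    return Verdict::Accept;
}

// Constructed samples. A real token is random per session, never fixed.
const std::string kDeviceOrigin = "http://esp32.local";
const std::string kSessionToken = "7f3a9c1e5b2d4a6f";

Request legitimateUpdate() {
    Request r;
    r.method = "POST";
    r.headers["origin"] = kDeviceOrigin;
    r.formToken = kSessionToken;
    return r;
}

// What a victim's browser sends when an attacker page auto-submits a form
// to the device: a cross-site Origin and no token.
Request forgedUpdate() {
    Request r;
    r.method = "POST";
    r.headers["origin"] = "http://attacker.example";
    return r;
}

int main() {
    std::printf("legitimate -> %d\n", static_cast<int>(checkUpdateRequest(legitimateUpdate(), kDeviceOrigin, kSessionToken)));
    std::printf("forged     -> %d\n", static_cast<int>(checkUpdateRequest(forgedUpdate(), kDeviceOrigin, kSessionToken)));
    return 0;
}
```

The token check is the one that actually closes the hole; the Origin check only rejects the obvious case early and guards against a browser that leaks the token some other way. Neither replaces authenticating the uploader or verifying a signature on the image itself.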
CVE-2025-53007
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain an HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...
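The CVE-2025-53007 description above is a textbook response-splitting setup: a header name and value that may have come from a request parameter are joined with ": " and a CRLF and written out unchanged, so a value containing its own CRLF ends the header early and injects further headers or a body. The following is an added example, not arduino-esp32's code, showing that concatenation beside a version that rejects a name that is not an RFC 7230 token and a value containing CR, LF or NUL. Function names and the injected sample value are constructed.

```cpp
// Added example (not arduino-esp32's code): header-line construction with
// and without CRLF validation.
#include <cctype>
#include <cstdio>
#include <cstring>
#include <string>

// The vulnerable pattern: whatever is in `value` is emitted verbatim.
std::string headerLineUnsafe(const std::string& name, const std::string& value) {
    return name + ": " + value + "\r\n";
}

// RFC 7230 token characters: the only bytes a header name may contain.
static bool isTokenChar(unsigned char c) {
    if (c == 0 || c >= 0x80) return false;
    if (std::isalnum(c)) return true;
    return std::strchr("!#$%&'*+-.^_`|~", c) != nullptr;
}

// A header value may hold most bytes, but never a line terminator or NUL.
static bool valueOk(const std::string& v) {
    for (unsigned char c : v)
        if (c == '\r' || c == '\n' || c == '\0') return false;
    return true;
}

// Hardened form: returns false (and leaves `out` untouched) when either part
// could terminate the header line early.
bool headerLineSafe(const std::string& name, const std::string& value, std::string& out) {
    if (name.empty()) return false;
    for (unsigned char c : name)
        if (!isTokenChar(c)) return false;
    if (!valueOk(value)) return false;
    out = name + ": " + value + "\r\n";
    return true;
}

// How many CRLF-terminated lines one call produced; more than one is a split.
size_t countLines(const std::string& s) {
    size_t n = 0;
    for (size_t pos = s.find("\r\n"); pos != std::string::npos; pos = s.find("\r\n", pos + 2)) ++n;
    return n;
}

// Constructed sample: a value that reached the header call from a request
// parameter and smuggles a second header, a blank line and a body.
const std::string kInjected =
    "text/html\r\nSet-Cookie: session=attacker\r\n\r\n<html>injected</html>";

int main() {
    std::string line;
    std::printf("unsafe produced %zu header lines\n",
                countLines(headerLineUnsafe("Content-Type", kInjected)));
    std::printf("safe accepted: %s\n",
                headerLineSafe("Content-Type", kInjected, line) ? "yes" : "no");
    return 0;
}
```

Rejecting the header outright is preferable to stripping the CR/LF bytes: silently sanitising hides the attempt from logs and can still yield an unexpected header if the remaining text happens to parse.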