29 matches found
EUVD-2025-13646
Malicious code in bioql PyPI...
EUVD-2025-13643
Malicious code in bioql PyPI...
EUVD-2025-13651
Malicious code in bioql PyPI...
The vulnerability of the Crestron Automate VX video conference management system, related to the transmission of accounting data in unencrypted form, allows a intruder to disclose the transmitted accounting data and gain unauthorized access to the system.
The vulnerability of the Crestron Automate VX video conference system lies in the transmission of account information in an unencrypted form. Exploiting this vulnerability could allow a malicious actor to disclose the transmitted account information and gain unauthorized access to the system...
CVE-2025-47419
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from...
CVE-2025-47420
266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49...
CVE-2025-47417
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...
CVE-2025-47418
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536...
CVE-2025-47420
266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49...
CVE-2025-47420 User Permissions on Network API
266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49...
CVE-2025-47420 User Permissions on Network API
266 vulnerability in Crestron Automate VX allows Privilege Escalation.This issue affects Automate VX: from 5.6.8161.21536 through 6.4.0.49...
CVE-2025-47420
The CVE-2025-47420 entry applies to Crestron Automate VX, affecting versions 5.6.8161.21536 through 6.4.0.49. The vulnerability is a privilege escalation in the Automate VX component, with a network-exposed attack surface and low privileges required, according to the CVSS data. Remediation guidan...
CVE-2025-47418
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536...
CVE-2025-47419
Cleartext Transmission of Sensitive Information vulnerability in Crestron Automate VX allows Sniffing Network Traffic. The device allows Web UI and API access over non-secure network ports which exposes sensitive information such as user passwords. This issue affects Automate VX: from...
CVE-2025-47419
Crestron Automate VX contains a vulnerability (CVE-2025-47419) where Web UI and API access over non-secure ports allows cleartext transmission of sensitive information, including passwords. Affected firmware ranges are 5.6.8161.21536 through 6.4.0.49. The issue originates from transmitting sensit...
CVE-2025-47417
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...
CVE-2025-47418 Recording
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. There is no visible indication when the system is recording and recording can be enabled remotely via a network API. This issue affects Automate VX: from 5.6.8161.21536...
CVE-2025-47418
CVE-2025-47418 concerns Crestron Automate VX with versions 5.6.8161.21536–6.4.0.49. The issue is Exposure of Sensitive Information to an Unauthorized Actor, arising from a remote web API that enables recording functionality without visible indication. Remote recording can be enabled via a network...
CVE-2025-47417 Enable Debug Images
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Crestron Automate VX allows Functionality Misuse. When Enable Debug Images in Crestron Automate VX is active, snapshots of the captured video or portions thereof are stored locally on the system, and there is no visible...
CVE-2025-47417
Summary: CVE-2025-47417 affects Crestron Automate VX. Versions 5.6.8161.21536 through 6.4.0.49 expose snapshots of captured video when the Enable Debug Images feature is active, stored locally without a visible indicator. This is a data-exposure vulnerability enabling potential information disclo...