CVE-2025-21447

Memory corruption may occur while processing device IO control call for session control...

CVE-2025-21447 Improper Validation of Array Index in Computer Vision

Memory corruption may occur while processing device IO control call for session control...

Qualcomm Chipsets 输入验证错误漏洞

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. An input validation error vulnerability exists in Qualcomm Chipsets, which stems from a possible memory corruption when handling device IO control calls...

The vulnerability of the web interface of Moxa network device software for models EDF-G1002-BP, EDR-810, EDR-8010, EDR-G9004, EDR-G9010, NAT-102, TN-4900, and OnCell G4302-LTE4 allows a perpetrator to execute arbitrary commands through NTP settings, thereby gaining full control over the device.

The vulnerability of the web interface of Moxa network devices of the EDF-G1002-BP, EDR-810, EDR-8010, EDR-G9004, EDR-G9010, NAT-102, TN-4900, and OnCell G4302-LTE4 series is related to the lack of measures to neutralize specific components. Exploiting this vulnerability allows a malicious actor ...

Fake Binance Wallet Email Promises TRUMP Coin, Installs Malware

Scammers use fake Binance wallet emails to lure users with TRUMP Coin, but instead, they install malware that grants hackers full control over victims' devices...

Linux Distros Unpatched Vulnerability : CVE-2024-53064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - idpf: fix idpfvccoreinit error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases al...

PT-2025-9030 · Motorola Mobility · Droid Razr Hd

Name of the Vulnerable Software and Affected Versions: Motorola Mobility Droid Razr HD version 9.18.94.XT926.Verizon.en.US Description: An issue in the device allows physically proximate unauthorized attackers to access USB debugging, leading to control of the host device itself. This issue can b...

CVE-2025-25523

Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v11.00.023 due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability...

CVE-2025-25523

Buffer overflow vulnerability in Trendnet TEG-40128 Web Smart Switch v11.00.023 due to the lack of length verification, which is related to the mobile access point setup operation. The attacker can directly control the remote target device by successfully exploiting this vulnerability...

CVE-2024-36557

The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh and Forever KidsWatch Call Me 2 KW60 R36CWYDES4A292V1.02023.05.2422.49.44cobb. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to...

CVE-2024-36557

The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36YDRA3PWGM7SV1.02019071516.19.24cobh and Forever KidsWatch Call Me 2 KW60 R36CWYDES4A292V1.02023.05.2422.49.44cobb. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to...

CVE-2019-5035

An exploitable information disclosure vulnerability exists in the Weave PASE pairing functionality of the Nest Cam IQ Indoor, version 4620002. A set of specially crafted weave packets can brute force a pairing code, resulting in greater Weave access and potentially full device control. An attacke...

CVE-2020-16209

A malicious attacker could exploit the interface of the Fieldcomm Group HART-IP release 1.0.0.0 by constructing messages with sufficiently large payloads to overflow the internal buffer and crash the device, or obtain control of the device...

Multiple vulnerabilities in Defense Platform Home Edition

Overview Defense Platform Home Edition provided by Humming Heads Inc. contains multiple vulnerabilities listed below. Improper handling of message in specific process CWE-422 - CVE-2025-20094 Execution with unnecessary privileges CWE-250 - CVE-2025-22890 Improper handling of message in specific...

The vulnerability of the microprogrammed software of medical monitoring devices such as CMS8000 Patient Monitor and Epsimed MN-120 arises from the fact that the output of operations may escape the buffer in memory. This allows an intruder to gain unauthorized access to protected information, execute arbitrary codes, or gain full control over the device.

The vulnerability of the microprogrammed software of the CMS8000 Patient Monitor and Epsimed MN-120 medical devices related to the execution of operations outside the buffer in memory. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protecte...

SquareX Unveils “Browser Syncjacking” Attack Granting Full Browser and Device Control

Palo Alto, USA, 30th January 2025, CyberNewsWire...

CVE-2024-55407

An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests...

CVE-2023-4617

Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...

Govee Home 安全漏洞

Govee Home is an application from Govee, Inc. A security vulnerability exists in Govee Home that stems from an Authorization Error vulnerability in the HTTP POST method in the application, which allows remote attackers to take control of devices owned by other users by changing the values of the...

CVE-2024-11999

CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product...