Lucene search
+L

139 matches found

CVE
CVE
added 2025/12/05 12:0 a.m.15 views

CVE-2025-32901

CVE-2025-32901 affects KDE Connect on Android prior to 1.33.0. A flaw lets an attacker send malicious device IDs via broadcast UDP that can crash the targeted application. The Red Hat advisory notes mitigation is not available or does not meet security criteria, and Nessus/NASL entries flag unpat...

4.3CVSS6.5AI score0.00166EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/05 12:0 a.m.34 views

CVE-2025-32901

In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...

4.3CVSS0.00166EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49197

In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...

4.3CVSS6.9AI score0.00166EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/12/04 12:0 a.m.6 views

Ubuntu 25.10 : KDE Connect vulnerability (USN-7905-1)

The remote Ubuntu 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-7905-1 advisory. It was discovered that KDE Connect incorrectly handled device IDs. An attacker could possibly use this issue to bypass authentication and connect an unpaired device...

4.7CVSS5.6AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2025/12/03 9:46 a.m.3 views

USN-7905-1 kdeconnect vulnerability

It was discovered that KDE Connect incorrectly handled device IDs. An attacker could possibly use this issue to bypass authentication and connect an unpaired device...

4.7CVSS5.8AI score0.00185EPSS
Exploits0References2
OSV
OSV
added 2025/11/27 12:0 a.m.5 views

UBUNTU-CVE-2025-66270

The KDE Connect protocol 8 before 2025-11-28 does not correlate device IDs across two packets. This affects KDE Connect before 25.12 on desktop, KDE Connect before 0.5.4 on iOS, KDE Connect before 1.34.4 on Android, GSConnect before 68, and Valent before 1.0.0.alpha.49...

4.7CVSS5.8AI score0.00185EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/31 12:13 a.m.4 views

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

7.5CVSS6.7AI score0.0027EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/30 6:31 p.m.4 views

EUVD-2025-37022

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

7.5CVSS6.2AI score0.0027EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 4:15 p.m.7 views

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

7.5CVSS0.0027EPSS
Exploits0References1
CVE
CVE
added 2025/10/30 12:0 a.m.28 views

CVE-2025-61113

TalkTalk Android app v3.3.6 has improper access control across multiple API endpoints. The issue allows parameter tampering to extract sensitive user data (device identifiers, birthdays) and private group information (including join credentials). Impact is privacy breach and unauthorized access t...

7.5CVSS6.3AI score0.0027EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/30 12:0 a.m.9 views

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

0.0027EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/30 12:0 a.m.2 views

CVE-2025-61113

TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...

6.3AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/30 12:0 a.m.7 views

PT-2025-44419

Name of the Vulnerable Software and Affected Versions TalkTalk version 3.3.6 Description The TalkTalk 3.3.6 Android App has improper access control issues in several API endpoints. Modifying request parameters can allow attackers to get sensitive user information, like device identifiers and...

7.5CVSS6.3AI score0.0027EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/07 2:6 a.m.11 views

CVE-2025-59449

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS7.1AI score0.0027EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/10/06 12:0 a.m.7 views

PT-2025-40946

Name of the Vulnerable Software and Affected Versions YoSmart YoLink MQTT broker versions through 2025-10-02 Description The YoLink MQTT broker does not adequately enforce authorization controls, which can lead to cross-account attacks. An attacker who obtains device IDs can remotely operate...

4.9CVSS6.6AI score0.0027EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2025/10/06 12:0 a.m.3 views

CVE-2025-59449

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS6.8AI score0.0027EPSS
Exploits0References4
CVE
CVE
added 2025/10/06 12:0 a.m.20 views

CVE-2025-59449

The YoSmart YoLink MQTT broker and ecosystem components through 2025-10-02 contain multiple concrete issues: (1) insufficient authorization controls allow cross-account attack if an attacker learns device IDs, potentially enabling remote control of other users’ devices; (2) YoLink device IDs are ...

4.9CVSS6.8AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2023-57420

Malicious code in bioql PyPI...

7.8CVSS7.6AI score0.00153EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/09/23 12:0 a.m.5 views

Security Evaluation of Android Apps in Budget African Mobile Devices

Android's open-source nature facilitates widespread smartphone accessibility, particularly in price-sensitive markets. System and vendor applications that come pre-installed on budget Android devices frequently operate with elevated privileges, yet they receive limited independent examination. To...

6.7AI score
Exploits0
OSV
OSV
added 2025/09/22 6:15 p.m.6 views

CVE-2025-57437

The Blackmagic Web Presenter HD firmware version 3.3 exposes sensitive information via an unauthenticated Telnet service on port 9977. When connected, the service reveals extensive device configuration data including: - Model, version, and unique identifiers - Network settings including IP, MAC,...

9.8CVSS5.8AI score0.00497EPSS
Exploits1References2
Rows per page
Query Builder