21 matches found
EUVD-2023-44261
Malicious code in bioql PyPI...
CVE-2024-56972
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2023-1748
The listed versions of Nexx Smart Home devices use hard-coded credentials. An attacker with unauthenticated access to the Nexx Home mobile application or the affected firmware could view the credentials and access the MQ Telemetry Server MQTT server and the ability to remotely control garage door...
CVE-2024-52329 ECOVACS HOME mobile app plugins do not properly validate TLS certificates
ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authentication tokens...
CVE-2023-4617
CVE-2023-4617 describes an incorrect authorization vulnerability in the Govee Home application (Android and iOS) that is exploitable via the HTTP POST method. A remote attacker can manipulate the request fields—device, sku, and type—to gain control of devices owned by other users. Affected ver...
PT-2024-21097
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.8.1 through 11.2; ArcGIS Enterprise versions 11.1 and below. Description: The issue is related to improper authentication in the Home application, which could potentially allow a remote, unauthenticated attacker...
CVE-2023-3612
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...
CVE-2023-3612 Unprotected WebView access in Govee Home App
Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content...
PT-2023-25434 · Govee · Govee Home
Name of the Vulnerable Software and Affected Versions: Govee Home app (affected versions not specified). Description: The Govee Home app has unprotected access to the WebView component, which can be opened by any app on the device. By sending a URL to a specially crafted site, an attacker can execut...
PT-2023-18711 · Western Digital · My Cloud Home Web App +5
Name of the Vulnerable Software and Affected Versions: My Cloud OS 5 Mobile App versions prior to 4.21.0; My Cloud Home Mobile App versions prior to 4.21.0; ibi Mobile App versions prior to 4.21.0; My Cloud OS 5 Web App versions prior to 4.26.0-6126; My Cloud Home Web App versions prior to 4.26.0-612...
CVE-2022-38191
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application...
CVE-2021-29110
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application...
Denial of Service Vulnerability in Meijer's Meijer App
Midea Home App is the official app of Midea Group for consumers, and it is also the smart home appliance management app based on M-Smart system. A denial of service vulnerability exists in Midea Home App, which can be exploited by attackers to cause the app to stop running...
Beijing Chain Home Real Estate Brokerage Co. Chain Home app suffers from denial-of-service vulnerability
Chain Home App is an official client of Chain Home, a large-scale real estate leasing and trading website. Chain Home App provides services of second-hand houses, new houses, rental houses, real estate finance and wealth management, real estate appraisal and other business types. There is a...
CVE-2019-11063
A broken access control vulnerability in SmartHome app Android versions up to 3.0.42190515, iOS versions up to 2.0.22 allows an attacker in the same local area network to list user accounts and control IoT devices that connect with its gateway HG100 via http://target/smarthome/devicecontrol witho...
Apple will let users run iOS apps on macOS
Apple is making it easier for mobile developers to port their iOS apps to the next-generation macOS Mojave desktop platform—a major step in bringing the two platforms closer together. However, at the same time, the company straightforwardly denied the idea of merging the iPhone and Mac operating...
Used Car Home App Has SMS Bombing Vulnerability
Used Car Home App is a mobile application platform that helps users to buy and sell used cars. The Used Car Home App version 6.1.4 suffers from an SMS bombing vulnerability that allows an attacker to traverse a cell phone number and consume server resources and cause a denial of service by sendi...
Circle with Disney Firmware Update Signature Check Bypass Vulnerability (CVE-2017-2898)
Summary: An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be installed in the device resulting in arbitrary code execution. An attacker can send a series...