CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

CVE-2025-41108

The CVE describes Ghost Robotics Vision 60 (v0.27.2) as vulnerable due to a lack of encryption and authentication in its MAVLink-based communication protocol. This enables an external attacker to impersonate the control station and issue arbitrary commands to the robot, potentially gaining unauth...

Ghost Robotics Vision 60 授权问题漏洞

Ghost Robotics Vision 60 is a quadrupedal ground robot from Ghost Robotics, USA. An authorization issue vulnerability exists in Ghost Robotics Vision 60 version v0.27.2, which stems from a lack of encryption and authentication mechanisms in the communication protocol that could lead to unauthoriz...

EUVD-2018-2894

Malware in sbrugna...

EUVD-2021-27054

Malware in sbrugna...

EUVD-2015-1726

Malware in sbrugna...

EUVD-2009-2315

Malware in sbrugna...

EUVD-2024-54368

Malicious code in bioql PyPI...

EUVD-2024-23559

Malicious code in bioql PyPI...

EUVD-2025-5317

Malicious code in bioql PyPI...

EUVD-2025-13284

Malicious code in bioql PyPI...

EUVD-2024-53879

Malicious code in bioql PyPI...

iMonitor EAM 安全漏洞

iMonitor EAM is an employee computer network activity monitoring software from iMonitor USA. A security vulnerability exists in iMonitor EAM version 9.6394, which stems from the failure to use authentication or encryption during communication, which could lead to the disclosure of sensitive...

CVE-2025-31972

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components...

CVE-2025-33020

IBM Engineering Systems Design Rhapsody 9.0.2, 10.0, and 10.0.1 transmits sensitive information without encryption that could allow an attacker to obtain highly sensitive information...

Hacking Trains

Seems like an old system system that predates any care about security: The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device FRED, also known as an End-of-Train EOT device, is attached to the back of a train and sends...

CVE-2024-42657

An issue in wishnet Nepstech Wifi Router NTPL-XPON1GFEVN v1.0 allows a remote attacker to obtain sensitive information via the lack of encryption during login process...

CVE-2023-31410

A remote unprivileged attacker can intercept the communication via e.g. Man-In-The-Middle, due to the absence of Transport Layer Security TLS in the SICK EventCam App. This lack of encryption in the communication channel can lead to the unauthorized disclosure of sensitive information. The attack...

CVE-2020-29055

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. ...

CVE-2019-7229

The ABB CP635 HMI uses two different transmission methods to upgrade its firmware and its software components: "Utilization of USB/SD Card to flash the device" and "Remote provisioning process via ABB Panel Builder 600 over FTP." Neither of these transmission methods implements any form of...