1040 matches found
CVE-2025-66217 AIS-catcher Integer Underflow in MQTT Packet Parsing leading to Heap Buffer Overflow
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Leng...
GHSA-9C5Q-W6GR-FXCQ MQTT does not validate hostnames
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle MITM attack...
[SECURITY] Fedora 42 Update: qt6-qtmqtt-6.9.3-1.fc42
MQTT is a machine-to-machine M2M protocol utilizing the publish-and-subscri be paradigm, and provides a channel with minimal communication overhead. The Qt MQTT module provides a standard compliant implementation of the MQTT protocol specification. It enables applications to act as telemetry...
Apache ActiveMQ NMS AMQP Client has a Deserialization of Untrusted Data vulnerability
A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malicious servers could exploit unbounded deserializatio...
Exploit for Improper Input Validation in Microsoft
MSMQ Vulnerability Proof of Concept This repository contains...
EUVD-2006-0536
Malware in sbrugna...
EUVD-2005-2670
Malware in sbrugna...
EUVD-2006-0537
Malware in sbrugna...
EUVD-2005-2668
Malware in sbrugna...
The Bug Report – September 2025 Edition
The Bug Report – September 2025 Edition By Jonathan Omakun · October 7, 2025 Why am I here? Ah, September. When the leaves change colors, so do the threat landscapes! As summer fades into autumn, cybersecurity professionals are harvesting a bumper crop of vulnerabilities that would make any pumpk...
EUVD-2025-32583
Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...
CVE-2025-58581 Information Disclosure Through Stacktrace-/MQTT/Config/changeAll
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...
CVE-2025-59448
CVE-2025-59448 concerns the YoSmart YoLink ecosystem, where components including the YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker communicate over the internet using unencrypted MQTT. The vulnerability arises from insecure transmission, allowing an attacker who can m...
PT-2025-40945
Name of the Vulnerable Software and Affected Versions YoSmart YoLink ecosystem through 2025-10-02 YoLink Hub 0382 YoLink Mobile Application version 1.40.41 YoLink MQTT Broker Description Components of the YoSmart YoLink ecosystem utilize unencrypted MQTT for internet communication. This allows an...
EUVD-2023-40524
Malicious code in bioql PyPI...
EUVD-2024-19066
Malicious code in bioql PyPI...
EUVD-2023-41996
Malicious code in bioql PyPI...
EUVD-2025-25834
Malicious code in bioql PyPI...
EUVD-2025-2297
Malicious code in bioql PyPI...
EUVD-2025-24557
Malicious code in bioql PyPI...