39 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-29099

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00483
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 7 views

EUVD-2022-29098

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00745
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-29101

Malicious code in bioql PyPI...

CVSS 7.5, AI score 7.6, EPSS 0.00672
Exploits: 1, References: 1

EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-29100

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00507
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 1:9 a.m., 8 views

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...

CVSS 7.5, AI score 6.9, EPSS 0.00483
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 11:58 p.m., 10 views

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

CVSS 7.5, AI score 6.6, EPSS 0.00745
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 11:58 p.m., 7 views

CVE-2022-24189

The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other use...

CVSS 6.5, AI score 6.6, EPSS 0.00507
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:28 p.m., 9 views

CVE-2022-24190

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The usertoken header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to acce...

CVSS 7.5, AI score 7.1, EPSS 0.00672
Exploits: 1, References: 1

NVD
added 2022/11/28 10:15 p.m., 13 views

CVE-2022-24190

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The usertoken header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to acce...

CVSS 7.5, EPSS 0.00672
Exploits: 1, References: 1

NVD
added 2022/11/28 10:15 p.m., 17 views

CVE-2022-24189

The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other use...

CVSS 6.5, EPSS 0.00507
Exploits: 1, References: 1

OSV
added 2022/11/28 10:15 p.m., 4 views

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...

CVSS 7.5, AI score 5.8, EPSS 0.00483
Exploits: 1, References: 1

OSV
added 2022/11/28 10:15 p.m., 3 views

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

CVSS 7.5, AI score 5.8, EPSS 0.00745
Exploits: 1, References: 2

NVD
added 2022/11/28 10:15 p.m., 13 views

CVE-2022-24187

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

CVSS 7.5, EPSS 0.00745
Exploits: 1, References: 2

OSV
added 2022/11/28 10:15 p.m., 5 views

CVE-2022-24190

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The usertoken header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to acce...

CVSS 7.5, AI score 5.8, EPSS 0.00672
Exploits: 1, References: 1

OSV
added 2022/11/28 10:15 p.m., 3 views

CVE-2022-24189

The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other use...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 1

NVD
added 2022/11/28 10:15 p.m., 14 views

CVE-2022-24188

The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct...

CVSS 7.5, EPSS 0.00483
Exploits: 1, References: 1

Prion
added 2022/11/28 10:15 p.m., 17 views

Design/Logic Flaw

The userid and deviceid on the Ourphoto App version 1.4.1 /device/ end-points both suffer from insecure direct object reference vulnerabilities. Other end-users userid and deviceid values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an...

CVSS 5, AI score 7.4, EPSS 0.00745
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2022/11/28 10:15 p.m., 19 views

Authentication flaw

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The usertoken header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to acce...

CVSS 5, AI score 7.7, EPSS 0.00672
Exploits: 1, References: 1, Affected Software: 1

Prion
added 2022/11/28 10:15 p.m., 24 views

Authorization

The usertoken authorization header on the Ourphoto App version 1.4.1 /apiv1/ end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other use...

CVSS 6.4, AI score 6.4, EPSS 0.00507
Exploits: 1, References: 1, Affected Software: 1

CNNVD
added 2022/11/28 12:0 a.m., 4 views

Shenzhen Fujia Technology OurPhoto Security Vulnerability

Shenzhen Fujia Technology OurPhoto is a cloud photo frame software from Shenzhen Fujia Technology, China. It allows you to share photos and video files directly on your cell phone. A security vulnerability exists in Shenzhen Fujia Technology OurPhoto version 1.4.1, which stems from the fact that...

CVSS 7.5, AI score 7.4, EPSS 0.00672
Exploits: 1, References: 3