2098 matches found
CVE-2023-53983
Anevia Flamingo XL/XS 3.6.20 contains a critical vulnerability with weak default administrative credentials that can be easily guessed. Attackers can leverage these hard-coded credentials to gain full remote system control without complex authentication mechanisms...
CVE-2023-53983
CVE-2023-53983 affects Anevia Flamingo XL/XS 3.6.20. The provided documents describe a critical vulnerability due to weak default administrative credentials that can be guessed, allowing attackers to gain full remote system control without complex authentication. No explicit remediation (patch/ve...
PT-2025-54252
Name of the Vulnerable Software and Affected Versions: Anevia Flamingo XL/XS version 3.6.20. Description: The software contains a critical issue involving weak default administrative credentials. Attackers can easily guess these credentials to gain full remote system control without complex...
Ateme Flamingo XL Trust Management Issue Vulnerability
Ateme Flamingo XL is an application from Ateme, Inc. Ateme Flamingo XL version 3.6.20 suffers from a Trust Management Issue vulnerability that stems from the use of weak default management credentials, which could lead to remote system control...
Espressif IoT Development Framework Buffer Error Vulnerability
Espressif IoT Development Framework is an open source IoT development framework from Espressif Systems. A buffer error vulnerability exists in Espressif IoT Development Framework versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and prior versions, which stems from insufficient validation of buffer siz...
CVE-2025-68474
CVE-2025-68474 affects ESP-IDF (Espressif IoT Development Framework) in ESP-IDF BlueDroid AVRCP stack. In avrc_vendor_msg(), the code validates the buffer with AVRC_MIN_CMD_LEN = 20 bytes, but the fixed header written before the vendor payload is 29 bytes, causing an out-of-bounds write when vend...
Malicious code in telebot-bot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ae13454f920b5cce1011546e4802ed263ce8218d4b484ef8471142abb42c3f3e The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
MAL-2025-192942 Malicious code in telebot-bot (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ae13454f920b5cce1011546e4802ed263ce8218d4b484ef8471142abb42c3f3e The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
Malicious code in telegrem (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f2186dc29d07dc851d756bae0b5d080ebe5923efe6654fdb4aa9ec55bbba9b6a The package, distinguished as a speed testing or typosquatted Telegram library, contains a Telegram bot to perform remote control of the computer --- Category:...
CVE-2023-53964
SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated vulnerability in the /usr/cgi-bin/restorefactory.cgi endpoint that allows remote attackers to reset device configuration. Attackers can send a POST request to the endpoint with specific data to trigger a factory reset and bypass...
CVE-2025-55254
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in certain web pages...
CVE-2025-59849
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in web pages...
CVE-2025-10910 Gaining remote control over Govee devices
A flaw in the binding process of Govee’s cloud platform and devices allows a remote attacker to bind an existing, online Govee device to the attacker’s account, resulting in full control of the device and removal of the device from its legitimate owner’s account. The server‑side API allows device...
CVE-2025-59849
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in web pages...
CVE-2025-55254
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in certain web pages...
CVE-2025-59849
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in web pages...
CVE-2025-55254
The CVE-2025-55254 entry concerns HCL BigFix Remote Control Lite Web Portal, affected in versions 10.1.0.0326 and lower. The root cause is improper management of path-relative stylesheet imports, described as a Path-relative stylesheet import (PRSSI) issue, enabling potential malicious code execu...
CVE-2025-55254 HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI)
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in certain web pages...
CVE-2025-55254 HCL BigFix Remote Control is vulnerable to a Path-relative stylesheet import (PRSSI)
Improper management of Path-relative stylesheet import in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in certain web pages...
EUVD-2025-203937
Improper management of Content Security Policy in HCL BigFix Remote Control Lite Web Portal versions 10.1.0.0326 and lower may allow the execution of malicious code in web pages...