543 matches found
EUVD-2025-5207
Malicious code in bioql PyPI...
EUVD-2024-42780
Malicious code in bioql PyPI...
CVE-2025-36756
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...
CVE-2025-36756
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...
CVE-2025-36756 Device Takeover vulnerability in SolaX Cloud
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...
CVE-2025-36756 Device Takeover vulnerability in SolaX Cloud
A problem with missing authorization on SolaX Cloud platform allows taking over any SolaX solarpanel inverter of which the serial number is known...
CVE-2025-36756
The CVE-2025-36756 entry describes a missing-authorization vulnerability in the SolaX Cloud platform that could allow takeover of a known-serial-number SolaX solar inverter. Affected component is the SolaX Cloud platform beneath the inverter management flow; root cause is insufficient access cont...
PT-2025-37028
Name of the Vulnerable Software and Affected Versions: SolaX Cloud platform affected versions not specified Description: A missing authorization issue exists on the SolaX Cloud platform. This allows unauthorized access and potential takeover of SolaX solar panel inverters when the serial number i...
rxrpc: Fix delayed ACKs to not set the reference serial number
...
Linux Distros Unpatched Vulnerability : CVE-2021-37155
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wolfSSL 4.6.x through 4.7.x before 4.8.0 does not produce a failure outcome when the serial number in an OCSP request differs from the serial number in the OCSP...
CVE-2025-8452
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
CVE-2024-26009
An authentication bypass using an alternate path or channel CWE-288 vulnerability in Fortinet FortiOS version 6.4.0 through 6.4.15 and before 6.2.16, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8 and before 7.0.15 & FortiPAM before version 1.2.0 allows an unauthenticated attacker to...
CVE-2024-26009
An authentication bypass using an alternate path or channel CWE-288 vulnerability in Fortinet FortiOS 6.4.0 through 6.4.15, FortiOS 6.2.0 through 6.2.16, FortiOS 6.0 all versions, FortiPAM 1.2.0, FortiPAM 1.1.0 through 1.1.2, FortiPAM 1.0.0 through 1.0.3, FortiProxy 7.4.0 through 7.4.2, FortiProx...
CVE-2025-8452
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
CVE-2025-8452 Unauthenticated leak of sensitive information affecting multiple models from Brother Industries, Ltd., Toshiba Tec, and Konica Minolta, Inc.
By using the "uscan" protocol provided by the eSCL specification, an attacker can discover the serial number of multi-function printers that implement the Brother-provided firmware. This serial number can, in turn, can be leveraged by the flaw described by CVE-2024-51978 to calculate the default...
CVE-2025-47872
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...
CVE-2025-47872
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...
CVE-2025-46414 EG4 Electronics EG4 Inverters Improper Restriction of Excessive Authentication Attempts
The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...
CVE-2025-47872 EG4 Electronics EG4 Inverters Observable Discrepancy
The public-facing product registration endpoint server responds differently depending on whether the S/N is valid and unregistered, valid but already registered, or does not exist in the database. Combined with the fact that serial numbers are sequentially assigned, this allows an attacker to gai...
CVE-2025-47872
CVE-2025-47872 affects EG4 Electronics EG4 Inverters. The public-facing product registration endpoint exposes information about serial numbers (SNs) based on their status (valid/unregistered, valid/registered, nonexistent). Because SNs are sequential, an attacker can infer the registration status...