6175 matches found

CVE
added 2026/01/04 9:2 a.m. | 18 views

CVE-2026-0576

CVE-2026-0576 affects code-projects Online Product Reservation System 1.0, specifically the Parameter Handler’s /handgunner-administrator/prod.php. The vulnerability arises from manipulating the arguments cat/price/name/model/serial within that file, resulting in an SQL injection vulnerability. T...

CVSS 9.8 | AI score 7.2 | EPSS 0.00374
Exploits 1 | References 6 | Affected Software 1
Vulnrichment
added 2026/01/04 9:2 a.m. | 4 views

CVE-2026-0576 code-projects Online Product Reservation System Parameter prod.php sql injection

A vulnerability was detected in code-projects Online Product Reservation System 1.0. Affected is an unknown function of the file /handgunner-administrator/prod.php of the component Parameter Handler. Performing a manipulation of the argument cat/price/name/model/serial results in sql injection. I...

CVSS 7.5 | AI score 7.2 | EPSS 0.00374
Exploits 1 | References 6
OSV
added 2026/01/04 12:15 a.m. | 3 views

CVE-2025-3654

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

CVSS 9.8 | AI score 5.7 | EPSS 0.00241
Exploits 0 | References 2
OSV
added 2026/01/04 12:15 a.m. | 2 views

CVE-2025-3653

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

CVSS 9.8 | AI score 5.8 | EPSS 0.00216
Exploits 0 | References 2
NVD
added 2026/01/04 12:15 a.m. | 4 views

CVE-2025-3654

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

CVSS 9.8 | EPSS 0.00241
Exploits 0 | References 2
NVD
added 2026/01/04 12:15 a.m. | 6 views

CVE-2025-3653

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

CVSS 9.8 | EPSS 0.00216
Exploits 0 | References 2
Vulnrichment
added 2026/01/03 11:33 p.m. | 3 views

CVE-2025-3654 Petlibro Smart Pet Feeder Platform through 1.7.31 Information Disclosure via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

CVSS 6.9 | AI score 5.8 | EPSS 0.00241
Exploits 0 | References 2
Cvelist
added 2026/01/03 11:33 p.m. | 19 views

CVE-2025-3654 Petlibro Smart Pet Feeder Platform through 1.7.31 Information Disclosure via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through...

CVSS 6.9 | EPSS 0.00241
Exploits 0 | References 2
CVE
added 2026/01/03 11:33 p.m. | 14 views

CVE-2025-3654

Petlibro Smart Pet Feeder Platform (vulnerable up to 1.7.31) exposes an information disclosure via insecure API endpoint /device/devicePetRelation/getBoundDevices. Attackers can retrieve device hardware identifiers (serial numbers, MAC addresses) by supplying a pet ID, potentially enabling unauth...

CVSS 9.8 | AI score 5.8 | EPSS 0.00241
Exploits 0 | References 2 | Affected Software 1
CVE
added 2026/01/03 11:33 p.m. | 11 views

CVE-2025-3653

Summary of CVE-2025-3653: Petlibro Smart Pet Feeder Platform (versions up to 1.7.31) suffers improper access control via device-control APIs. The vulnerability allows unauthorized manipulation by accepting arbitrary serial numbers without ownership verification, enabling an attacker to control a...

CVSS 9.8 | AI score 6.4 | EPSS 0.00216
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/01/03 11:33 p.m. | 18 views

CVE-2025-3653 Petlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

CVSS 7.3 | EPSS 0.00216
Exploits 0 | References 2
Vulnrichment
added 2026/01/03 11:33 p.m. | 4 views

CVE-2025-3653 Petlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

CVSS 7.3 | AI score 6.4 | EPSS 0.00216
Exploits 0 | References 2
Positive Technologies
added 2026/01/03 12:0 a.m. | 5 views

PT-2026-1181

Name of the Vulnerable Software and Affected Versions: Petlibro Smart Pet Feeder Platform versions up to 1.7.31. Description: The Petlibro Smart Pet Feeder Platform is affected by an improper access control issue. The platform allows unauthorized device manipulation by accepting arbitrary serial...

CVSS 9.8 | AI score 6.5 | EPSS 0.00216
Exploits 0 | References 9
Positive Technologies
added 2026/01/03 12:0 a.m. | 3 views

PT-2026-1182

Name of the Vulnerable Software and Affected Versions: Petlibro Smart Pet Feeder Platform versions up to 1.7.31. Description: The Petlibro Smart Pet Feeder Platform is affected by an information disclosure issue. This allows unauthorized access to device hardware information. An attacker can obtain...

CVSS 9.8 | AI score 6 | EPSS 0.00241
Exploits 0 | References 7
RedhatCVE
added 2026/01/02 6:37 p.m. | 5 views

CVE-2025-68273

Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and install...

CVSS 5.3 | AI score 6.2 | EPSS 0.00338
Exploits 1 | References 1
EUVD
added 2026/01/02 6:30 p.m. | 2 views

EUVD-2026-0184

This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure...

AI score 5.5
Exploits 0 | References 1
RedhatCVE
added 2026/01/02 4:38 p.m. | 2 views

CVE-2025-67269

A flaw was found in gpsd. A remote attacker can exploit this vulnerability by sending a specially crafted NAVCOM packet. When parsing the packet, an error in calculating the payload length can cause the system to attempt to process an extremely large amount of data. This leads to excessive CPU...

CVSS 7.5 | AI score 6.4 | EPSS 0.00404
Exploits 2 | References 6
EUVD
added 2026/01/02 3:22 p.m. | 1 views

EUVD-2025-206138

Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints...

CVSS 5.3 | AI score 6 | EPSS 0.00338
Exploits 1 | References 4
Snyk
added 2026/01/02 3:22 p.m. | 2 views

Information Exposure

Overview: signalk-server is an implementation of a Signal K server for boats. Affected versions of this package are vulnerable to Information Exposure via the exposed endpoints /skServer/serialports, /skServer/availablePaths, and /skServer/hasAnalyzer that are not protected by authentication...

CVSS 6.9 | AI score 6.8 | EPSS 0.00338
Exploits 1 | References 2
OSV
added 2026/01/02 3:22 p.m. | 4 views

GHSA-FPF5-W967-RR2M Signal K Server Vulnerable to Unauthenticated Information Disclosure via Exposed Endpoints

Note: This is a separate issue from the RCE vulnerability State Pollution currently being patched. While related to tokensecurity.js, it involves different endpoints and risks. Summary: An unauthenticated information disclosure vulnerability allows any user to retrieve sensitive system information,...

CVSS 5.3 | AI score 6.1 | EPSS 0.00338
Exploits 1 | References 5