CVE-2025-65127

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get" operations, attackers can obtain device...

CVE-2025-65127

Affects Shenzhen Zhibotong Electronics ZBT WE2001 (version 23.09.27). The web API component lacks session validation, enabling remote unauthenticated access to administrative information-retrieval functions via get_* calls. Attackers can retrieve device configuration data, including plaintext cre...

PT-2026-7622

Name of the Vulnerable Software and Affected Versions Shenzhen Zhibotong Electronics ZBT WE2001 version 23.09.27 Description A missing session validation check within the web API component allows unauthenticated remote attackers to access administrative functions designed for authorized users...

EUVD-2025-24000

Malicious code in bioql PyPI...

PT-2025-32330 · Burk Technology · Arc Solo

Name of the Vulnerable Software and Affected Versions: Burk Technology ARC Solo affected versions not specified Description: The password change mechanism in Burk Technology ARC Solo does not require proper authentication, potentially allowing an attacker to take over the device. A password chang...

CVE-2022-28742

aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application...