EUVD-2025-202637

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

CVE-2025-65295

Multiple vulnerabilities in Aqara Hub firmware update process in the Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 devices, allow attackers to install malicious firmware without proper verification. The device fails to validate firmware signatures during updates, uses outdated...

CVE-2025-60855

Reolink Video Doorbell WiFi DB566128M5MPW performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code execution with root privileges. NOTE: this is disputed by the Supplier because the integrity of updates is...

CVE-2020-13178

A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process...

Jerome Gamez Firebase Admin SDK for PHP Access Control Error Vulnerability

Jerome Gamez Firebase Admin SDK for PHP is a PHP-based software development kit. An access control error vulnerability exists in the src/Firebase/Auth/IdTokenVerifier.php file in the Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0 through 3.8.0, which stems from the program's failure to...

Simple Streams Disk Forgery Vulnerability

Simple Streams is a library and tool for using simple streaming data. A vulnerability in Simple Streams fails to properly validate the GPG signature of a disk image file. Allowing a remote attacker to forge a disk image with a 403 response...