105 matches found
EUVD-2026-37576
An attacker with access via network to the Regesta Smart HD-PLC of the provider Teldat in this case, NO registration action is required who has the vulnerable software could obtain privilege information by using the command Version via the path: /upgrade/query.php?cmd=p+3&3Bversion resulting in a...
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
Cybersecurity researchers have warned of a "resurgence and expansion" of JDY , a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO small office and home office and IoT devices and operates as a centrally controlled, high-performanc...
SwarmSense-DNN: A Trustworthy and Decentralized Neural Framework for Proactive Anomaly Defense in Consumer IoT
The rapid growth of consumer IoT devices has introduced unprecedented challenges in trustworthy anomaly detection against AI-enabled cyber threats, requiring real-time, privacy-preserving, and scalable defense mechanisms. Traditional centralized strategies face critical limitations, including...
Your Body Is Betraying Your Right to Privacy
Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse...
Covert Surveillance in Smart Devices: A SCOUR Framework Analysis of Youth Privacy Implications
This paper investigates how smart devices covertly capture private conversations and discusses in more in-depth the implications of this for youth privacy. Using a structured review guided by the PRISMA methodology, the analysis focuses on privacy concerns, data capture methods, data storage and...
EUVD-2025-11087
Malicious code in bioql PyPI...
EUVD-2025-11135
Malicious code in bioql PyPI...
EUVD-2021-7383
Malicious code in bioql PyPI...
EUVD-2025-7531
Malicious code in bioql PyPI...
CVE-2023-42189
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denia...
CVE-2025-27927
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-31941
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
CVE-2025-27927
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...
CVE-2025-27927
CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...
CVE-2025-30514 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can obtain restricted information about a user's smart device collections i.e., "scenes"...
CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...
CVE-2025-31941
Growatt Cloud Applications (China) is affected by an information-disclosure vulnerability described in multiple sources as CVE-2025-31941. The issue allows an unauthenticated attacker to obtain a list of smart devices by using a valid username, with affected versions up to 3.6.0 and prior (per CN...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a list of smart devices via a valid username...