Your Body Is Betraying Your Right to Privacy

Attachment to smart devices and biometric surveillance leaves Americans more vulnerable to police searches than ever. Left unchecked it will only get worse...

Covert Surveillance in Smart Devices: A SCOUR Framework Analysis of Youth Privacy Implications

This paper investigates how smart devices covertly capture private conversations and discusses in more in-depth the implications of this for youth privacy. Using a structured review guided by the PRISMA methodology, the analysis focuses on privacy concerns, data capture methods, data storage and...

EUVD-2025-11087

Malicious code in bioql PyPI...

EUVD-2025-7531

Malicious code in bioql PyPI...

EUVD-2025-11135

Malicious code in bioql PyPI...

EUVD-2021-7383

Malicious code in bioql PyPI...

CVE-2023-42189

Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denia...

CVE-2025-27927

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...

CVE-2025-31941

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

CVE-2025-27927

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...

CVE-2025-27927

CVE-2025-27927 concerns Growatt Cloud Applications (Growatt Cloud portal). Connected sources describe a vulnerability where an unauthenticated attacker can determine a list of smart devices by querying an unprotected API using a valid username, indicating weak access control on user-oriented API ...

CVE-2025-27927 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attackers can obtain a list of smart devices by knowing a valid username through an unprotected API...

CVE-2025-30514 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

Unauthenticated attackers can obtain restricted information about a user's smart device collections i.e., "scenes"...

CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

CVE-2025-31941 Growatt Cloud portal Authorization Bypass Through User-Controlled Key

An unauthenticated attacker can obtain a list of smart devices by knowing a valid username...

CVE-2025-31941

Growatt Cloud Applications (China) is affected by an information-disclosure vulnerability described in multiple sources as CVE-2025-31941. The issue allows an unauthenticated attacker to obtain a list of smart devices by using a valid username, with affected versions up to 3.6.0 and prior (per CN...

PT-2025-16498

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description An unauthenticated attacker can obtain a list of smart devices by knowing a valid username through an unprotected API. Recommendations At the moment, there is no information about a newer...

PT-2025-16489

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description Unauthenticated attackers can obtain restricted information about a user's smart device collections, also known as "rooms". Recommendations At the moment, there is no information about a newer...

PT-2025-16474

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description An unauthenticated attacker can obtain a list of smart devices by knowing a valid username. Recommendations At the moment, there is no information about a newer version that contains a fix for...

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker being able to obtain a list of smart devices via an unprotected API...