CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1857 matches found

EUVD•added 2025/10/06 9:30 p.m.•4 views

EUVD-2025-32583

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS6.1AI score0.00015EPSS

Exploits0References4

Microsoft Secure•added 2025/10/06 9:0 p.m.•2 views

Inside Microsoft Threat Intelligence: Calm in the chaos

Leading Through the Worst Day Incident response is never orderly. Threat actors don’t wait. Environments are compromised. Data is missing. Confidence is shaken. But for Microsoft’s Incident Response IR team, that chaos is exactly where the work begins. In Episode 1, we showed how Microsoft Threat...

6.8AI score

Exploits0

Microsoft Secure•added 2025/10/06 9:0 p.m.•2 views

Inside Microsoft Threat Intelligence: Calm in the chaos

6.8AI score

Exploits0

Vulnrichment•added 2025/10/06 6:50 a.m.•3 views

CVE-2025-58581 Information Disclosure Through Stacktrace-/MQTT/Config/changeAll

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...

4.3CVSS6.3AI score0.0009EPSS

Exploits0References6

CVE•added 2025/10/06 12:0 a.m.•11 views

CVE-2025-59448

CVE-2025-59448 concerns the YoSmart YoLink ecosystem, where components including the YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker communicate over the internet using unencrypted MQTT. The vulnerability arises from insecure transmission, allowing an attacker who can m...

4.7CVSS6.3AI score0.00015EPSS

Exploits0References4

Packet Storm News•added 2025/10/05 12:0 a.m.•4 views

Cyber Warfare during Operation Sindoor: Malware Campaign Analysis and Detection Framework

Rapid digitization of critical infrastructure has made cyberwarfare one of the important dimensions of modern conflicts. Attacking the critical infrastructure is an attractive pre-emptive proposition for adversaries as it can be done remotely without crossing borders. Such attacks disturb the...

6.9AI score

Exploits0

OSV•added 2025/10/04 12:11 a.m.•8 views

RLSA-2025:12831 Moderate: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the security issues, including the impact, a CVSS score...

5.4CVSS7.6AI score0.00294EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-49610

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.00262EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2022-40627

Malicious code in bioql PyPI...

7CVSS7.1AI score0.0031EPSS

Exploits0References2