66 matches found
EUVD-2025-204619
The HTTPS service on Tapo C200 V3 exposes a connectAP interface without proper authentication. An unauthenticated attacker on the same local network segment can exploit this to modify the device’s Wi-Fi configuration, resulting in loss of connectivity and denial-of-service DoS...
CVE-2025-14553
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...
CVE-2025-14553 Password Hash Leak Could Lead to Unauthorized Access on Tapo App via Local Network
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...
PT-2025-51777
Name of the Vulnerable Software and Affected Versions TP-Link Tapo C210 versions 1.8 Description An unauthenticated API response exposes password hashes in the TP-Link Tapo C210 application on iOS and Android. This allows attackers to attempt to brute force the password within the local network...
CVE-2025-36743
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
EUVD-2025-203086
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
CVE-2025-36743
SolarEdge SE3680H has an exposed debug/test interface accessible to unauthenticated actors, allowing disclosure of system internals and execution of debug commands...
SolarEdge SE3680H 安全漏洞
The SolarEdge SE3680H is a high-clearance wave inverter from SolarEdge, Israel. A security vulnerability exists in the SolarEdge SE3680H that originates from the exposure of an unauthenticated debug or test interface, which could lead to the disclosure of internal system information and the...
Iskra iHUB和Iskra iHUB Lite 访问控制错误漏洞
Both Iskra iHUB and Iskra iHUB Lite are a smart metering gateway from Iskra, Slovenia. An access control error vulnerability exists in the Iskra iHUB and Iskra iHUB Lite that originates from an unauthenticated web management interface and could lead to unauthorized access and modification...
SICK AG TLOC100-100 安全漏洞
The SICK AG TLOC100-100 is a mobile robot positioning system from SICK Germany. A security vulnerability exists in the SICK AG TLOC100-100 that stems from an unauthenticated C++ API that could be exploited by a remote attacker to cause sensitive data to be accessed or modified and service...
EUVD-2019-17256
Malware in sbrugna...
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3
Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container. The vulnerability, tracked as CVE-2025-9074 , carries a CVSS score of 9.3 out of 10.0. It has...
Vulnerabilities fixed in Commvault
Commvault has fixed vulnerabilities in Commvault components such as CommCell and ComServe versions prior to 11.36.60. The vulnerabilities are in versions of Commvault prior to 11.36.60. The first vulnerability allows unauthenticated attackers to execute API calls through a known login mechanism,...
Linux Distros Unpatched Vulnerability : CVE-2019-2964
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Concurrency. Supported versions that are affected are Java SE: 7u231, 8u221,...
Radiflow iSAP Smart Collector 安全漏洞
Radiflow iSAP Smart Collector is a remote traffic collection and forwarding appliance designed for industrial networks from Radiflow USA. A security vulnerability exists in the Radiflow iSAP Smart Collector that stems from an OS command injection in an unauthenticated REST API on the management...
CVE-2025-5310
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework TCF interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution...
CVE-2025-5310
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated Target Communication Framework (TCF) interface on a specific port. The interface allows files to be created, deleted, or modified and could enable remote code execution. Affected product: ProGauge MagL...
Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE 访问控制错误漏洞
The Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE DFS ProGauge MAGLINK LX CONSOLE is an industrial console from Dover Fueling Solutions, Inc. designed for expansion. An access control error vulnerability exists in the Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE that stems from...
Autel MaxiCharger AC Wallbox Commercial 访问控制错误漏洞
Autel MaxiCharger AC Wallbox Commercial is a smart AI electric car charger from Autel USA. Autel MaxiCharger AC Wallbox Commercial suffers from an Access Control Error vulnerability that stems from a lack of authentication in the Pile API, which can be exploited by an attacker to cause a credenti...
Lenovo XClarity Administrator 安全漏洞
Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo China. The product is capable of providing agentless hardware management for servers, storage, network switches, and more. A security vulnerability exists in Lenovo XClarity Administrator. An attacker cou...