16 matches found
EUVD-2026-23494
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...
CVE-2026-40066
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...
CVE-2026-40066
CVE-2026-40066 affects Anviz CX2 Lite and CX7 due to unverified update packages that can be uploaded. The device may unpack and execute a script, resulting in unauthenticated remote code execution. Root cause appears to be lack of integrity verification for update packages before execution. Impac...
CVE-2026-40066 Anviz Products Download of Code Without Integrity Check
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...
CVE-2026-40066 Anviz Products Download of Code Without Integrity Check
Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution...
WordPress plugin Country Blocker for AdSense 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
CVE-2025-15556
Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download a...
TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities
Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. The TP-Link Tapo C220 v1 and TP-Link Tapo C520WS v2 have security vulnerabilities. These vulnerabilities stem from the fact that firmware updates terminate core services without verifying...
CVE-2025-63434
CVE-2025-63434 affects Xtooltech Xtool AnyScan Android Application (versions up to 4.40.40). The update mechanism downloads and extracts update packages containing executable code without cryptographic integrity or authenticity checks. If an attacker can control update metadata, they can serve a ...
EUVD-2023-26478
Malicious code in bioql PyPI...
SICK InspectorP61x和SICK InspectorP62x 安全漏洞
The SICK InspectorP61x and SICK InspectorP62x are both ultra-compact industrial 2D vision sensors from SICK, Germany. A security vulnerability exists in the SICK InspectorP61x version prior to 5.0.0 and InspectorP62x version prior to 5.0.0, which stems from an unverified firmware update that allo...
CVE-2023-22315
Snap One Wattbox WB-300-IP-3 versions WB10.9a17 and prior use a proprietary local area network LAN protocol that does not verify updates to the device. An attacker could upload a malformed update file to the device and execute arbitrary code...
PT-2022-6271 · Emco · Unlock It +7
Name of the Vulnerable Software and Affected Versions: EMCO Software products, including MSI Package Builder for Windows version 9.1.4 Remote Installer for Windows version 6.0.13 Ping Monitor for Windows version 8.0.18 Remote Shutdown for Windows version 7.2.2 WakeOnLan version 2.0.8 Network...
CVE-2020-29438
Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip...
CoolMusicBox Upgrade Process Involves Arbitrary File Download Vulnerability
Coolmusic is a one-stop personalized music service platform that integrates music discovery, access and enjoyment. There is an arbitrary file download vulnerability in the update process of kwmusic, due to the use of insecure HTTP communication protocol to interact with the server, and did not...
Code injection
The PartyGaming PartyPoker client program 121/120 does not properly verify the authenticity of updates, which allows remote man-in-the-middle attackers to execute arbitrary code via a Trojan horse update...