28 matches found
KUKSA.val 访问控制错误漏洞
KUKSA.val is a middleware component developed by the Eclipse Foundation for vehicle-based data access and communication. KUKSA.val has an access control vulnerability; this vulnerability arises from clients who only have read access to JWT tokens being able to register as signal providers through...
CVE-2026-39687
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...
EUVD-2026-20377
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...
CVE-2026-39687
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...
CVE-2026-39687 WordPress Rapid Car Check Vehicle Data plugin <= 2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...
CVE-2026-39687
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...
CVE-2026-39687 WordPress Rapid Car Check Vehicle Data plugin <= 2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...
CVE-2026-39687
The CVE-2026-39687 entry refers to a WordPress plugin issue: Rapid Car Check Vehicle Data (free-vehicle-data-uk) plugin <= 2.0 with a Missing Authorization vulnerability due to incorrectly configured access control. Affected component: WordPress plugin code handling vehicle data access. Root c...
WordPress plugin Rapid Car Check Vehicle Data 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-31249
Missing Authorization vulnerability in Rapid Car Check Rapid Car Check Vehicle Data free-vehicle-data-uk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rapid Car Check Vehicle Data: from n/a through = 2.0...
A Real-Time Approach to Autonomous CAN Bus Reverse Engineering
This paper introduces a real-time method for reverse engineering a vehicle's CAN bus without prior knowledge of the vehicle or its CAN system. By comparing inertial measurement and CAN data during significant vehicle events, the method accurately identified the CAN channels associated with the...
CVE-2025-11690
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
Vulnerability fixed in CFMOTO Ride vehicle data management systems
CFMOTO has fixed a vulnerability in the backend of systems that manage vehicle data. The vulnerability is in the way the vehicleId parameter is handled, leading to an Insecure Direct Object Reference IDOR. This allows attackers to gain unauthorized access to sensitive information from other users...
EUVD-2025-37759
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690 IDOR vulnerability in the CFMOTO RIDE API
An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...
CVE-2025-11690
CVE-2025-11690 corresponds to an Insecure Direct Object Reference (IDOR) in the vehicleId parameter of the CFMOTO RIDE API backend. The issue allows unauthorized access to sensitive data from other users’ vehicles (GPS coordinates, encryption keys, initialization vectors, model numbers, fuel stat...
PT-2025-44991
Name of the Vulnerable Software and Affected Versions CFMOTO RIDE affected versions not specified Description An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this...
EUVD-2023-32521
Malicious code in bioql PyPI...
EUVD-2025-15803
Malicious code in bioql PyPI...
US Auto Insurance Platform ClaimPix Leaked 10.7TB of Records Online
Cybersecurity researcher Jeremiah Fowler discovered a massive 10.7TB ClaimPix leak exposing 5.1M customer files, vehicle data, and Power of Attorney documents. Read the full details...