12 matches found
EUVD-2025-30817
Malicious code in bioql PyPI...
EUVD-2025-25471
Malicious code in bioql PyPI...
CVE-2025-57605
Lack of server-side authorisation on department admin assignment APIs in AiKaan IoT Platform allows authenticated users to elevate their privileges by assigning themselves as admins of other departments. This results in unauthorized privilege escalation across the department...
PT-2025-38732
Name of the Vulnerable Software and Affected Versions: AiKaan IoT Platform (affected versions not specified). Description: A missing server-side authorization check in the department admin assignment APIs within the AiKaan IoT Platform permits authenticated users to gain elevated privileges...
CVE-2025-57605
CVE-2025-57605 affects AiKaan IoT Platform: lack of server-side authorization on department admin assignment APIs allows authenticated users to elevate privileges by assigning themselves as admins of other departments, leading to unauthorized privilege escalation across the department. Documented...
CVE-2025-52351
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 sends a newly generated password to users in plaintext via email and also includes the same password as a query parameter in the account activation URL e.g., https://domain.com/activate=xyz. This practice can result in password exposure via...
CVE-2025-52352
Aikaan IoT management platform v3.25.0325-5-g2e9c59796 provides a configuration to disable user sign-up in distributed deployments by hiding the sign-up option on the login page UI. However, the sign-up API endpoint remains publicly accessible and functional, allowing unauthenticated users to...
PT-2025-34264 · Unknown · Aikaan Iot Management Platform
Name of the Vulnerable Software and Affected Versions: Aikaan IoT management platform version 3.25.0325-5-g2e9c59796 Description: The Aikaan IoT management platform sends newly generated passwords to users in plaintext via email. The same password is also included as a query parameter in the...
Aikaan IoT management platform security vulnerability
Aikaan IoT management platform is a management platform from Aikaan India. Aikaan IoT management platform version v3.25.0325-5-g2e9c59796 suffers from a security vulnerability that stems from the registration API endpoint not being disabled, which could lead to authentication bypass and...