CVE-2026-23833

A flaw was found in ESPHome. An integer overflow vulnerability exists in the API component's protobuf decoder. A remote attacker can exploit this by sending a specially crafted, large fieldlength value, which bypasses a bounds check. This can lead to a denial-of-service DoS condition, causing the...

CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

CVE-2026-23833 ESPHome vulnerable to denial-of-service via out-of-bounds check bypass in the API component

ESPHome is a system to control microcontrollers remotely through Home Automation systems. In versions 2025.9.0 through 2025.12.6, an integer overflow in the API component's protobuf decoder allows denial-of-service attacks when API encryption is not used. The bounds check ptr + fieldlength end in...

CVE-2025-42933 Insecure Storage of Sensitive Information in SAP Business One (SLD)

When a user logs in via SAP Business One native client, the SLD backend service fails to enforce proper encryption of certain APIs. This leads to exposure of sensitive credentials within http response body. As a result, it has a high impact on the confidentiality, integrity, and availability of t...

PT-2025-26982 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue discloses sensitive user information in API requests in clear text, which could be intercepted using man-in-the-middle techniques. Recommendations: For IBM InfoSphere...

GHSA-8P25-3Q46-8Q2P ESPHome vulnerable to remote code execution via arbitrary file write

Summary Security misconfiguration in edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. Detail...

CVE-2017-14797

Lack of Transport Encryption in the public API in Philips Hue Bridge BSB002 SW 1707040932 allows remote attackers to read API keys and consequently bypass the pushlink protection mechanism, and obtain complete control of the connected accessories by leveraging the ability to sniff HTTP traffic on...