31 matches found
CVE-2025-62642
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...
CVE-2025-62651
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
CVE-2025-62643
The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...
CVE-2025-62646
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers...
CVE-2025-62649
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...
CVE-2025-62651
The Restaurant Brands International RBI assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface...
CVE-2025-62649
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders...
CVE-2025-62650
The Restaurant Brands International RBI assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen...
CVE-2025-62648
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume...
CVE-2025-62648
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume...
CVE-2025-62647
The Restaurant Brands International RBI assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path...
CVE-2025-62646
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers...
Restaurant Brands International assistant platform 安全漏洞
Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in the Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a dependency on client...
Restaurant Brands International assistant platform 安全漏洞
Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from a createToken GraphQL mutation that...
CVE-2025-62642
The Restaurant Brands International RBI assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account...
CVE-2025-62648
CVE-2025-62648 affects Restaurant Brands International (RBI) assistant platform versions up to 2025-09-06. The connected CSAF document details multiple vulnerabilities: an unauthenticated account creation path via a signup API, cleartext transmission of passwords in email, a token with administra...
CVE-2025-62646
CVE-2025-62646 affects the Restaurant Brands International assistant platform (through 2025-09-06). Multiple sources describe a vulnerability allowing a remote attacker to review stored audio of conversations between Drive Thru staff and customers. The root cause details are not explicitly provid...
CVE-2025-62648
The Restaurant Brands International RBI assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume...
Restaurant Brands International assistant platform 安全漏洞
Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in Restaurant Brands International assistant platform version 2025-09-06 and earlier, which originates from a remote attacker being able to...
CVE-2025-62643
The RBI assistant platform (Restaurant Brands International) through 2025-09-06 is affected by multiple interconnected issues. Public sources describe a remote, unauthenticated signup weakness via an open signup API, enabling account creation without proper verification, and a separate vulnerabil...