EUVD-2025-202635

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products, which stems from the automatic collection and uploading of unencrypted sensitive information. The following products and versions are affected: the Camera Hub ...

The upload_compliance_result.xml file is not created immediately after enabling automatic upload

Uploadcomplianceresult.xml is not created immediately after enabling automatic upload...

Cross-site scripting in papermerge

Multiple cross-site scripting XSS vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document's filename. If email consumption is configured in...

CVE-2019-7306

CVE-2019-7306 concerns Byobu, where the Apport hook may disclose sensitive information by auto-uploading the local user’s .screenrc (potentially exposing hostnames, usernames, and passwords). The connected OSV/Ubuntu entries confirm Byobu as the affected component and describe the disclosure risk...