Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2025/09/17 12:49 a.m.10 views

CVE-2025-50944

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...

8.8CVSS7AI score0.00247EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/09/17 12:49 a.m.13 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

9.8CVSS7AI score0.00611EPSS
Exploits3References1
OSV
OSV
added 2025/09/15 2:15 p.m.5 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

9.8CVSS5.8AI score0.00611EPSS
Exploits3References1
NVD
NVD
added 2025/09/15 2:15 p.m.22 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

8.8CVSS0.00249EPSS
Exploits2References1
NVD
NVD
added 2025/09/15 2:15 p.m.4 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

9.8CVSS0.00611EPSS
Exploits3References1
NVD
NVD
added 2025/09/15 2:15 p.m.7 views

CVE-2025-50944

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...

8.8CVSS0.00247EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.7 views

PT-2025-37566

Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0 Description: The custom X509TrustManager used in the checkServerTrusted function only checks the certificate's expiration date, bypassing proper TLS chain validation. Recommendations: At the moment, there is no...

8.8CVSS6.2AI score0.00247EPSS
Exploits3References4
CVE
CVE
added 2025/09/15 12:0 a.m.28 views

CVE-2025-46408

CVE-2025-46408 affects AVTECH EagleEyes 2.0.0. The vulnerability arises in AVTECH’s code paths push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient, where the code calls ALLOW_ALL_HOSTNAME_VERIFIER, bypassing hostname/domain validation during ...

9.8CVSS6.6AI score0.00611EPSS
Exploits3References1Affected Software1
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.6 views

AVTECH EagleEyes Lite 安全漏洞

AVTECH EagleEyes Lite is a remote instant monitoring mobile application from AVTECH, a Taiwan, China-based company. A security vulnerability exists in AVTECH EagleEyes Lite version 2.0.0, which originates from the GetHttpsResponse method transmitting sensitive information with explicit query...

8.8CVSS6.3AI score0.00249EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2025/09/15 12:0 a.m.3 views

CVE-2025-50110

An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...

6.4AI score0.00249EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.5 views

PT-2025-37564

Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0 Description: An issue was discovered in the GetHttpsResponse method of push.lite.avtech.com.AvtechLib and the getNewHttpClient method of push.lite.avtech.com.Push HttpService. These methods set ALLOW ALL HOSTNAM...

9.8CVSS6.5AI score0.00611EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2025/09/15 12:0 a.m.7 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

6.6AI score0.00611EPSS
Exploits3References1
Cvelist
Cvelist
added 2025/09/15 12:0 a.m.9 views

CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...

0.00611EPSS
Exploits3References1
CVE
CVE
added 2025/09/15 12:0 a.m.17 views

CVE-2025-50110

CVE-2025-50110 affects AVTECH EagleEyes Lite 2.0.0. The GetHttpsResponse method transmits sensitive data (internal server URLs, account IDs, passwords, device tokens) as plaintext in URL query parameters over HTTPS, creating a cleartext leakage risk and credential exposure. The vulnerability is d...

8.8CVSS6.4AI score0.00249EPSS
Exploits2References1
CVE
CVE
added 2025/09/15 12:0 a.m.21 views

CVE-2025-50944

CVE-2025-50944 affects AVTECH EagleEyes 2.0.0. The vulnerability is in push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted where a custom X509TrustManager only checks certificate expiration date and does not perform proper TLS chain validation, enabling potential MITM or improper trust ...

8.8CVSS6.6AI score0.00247EPSS
Exploits3References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/15 12:0 a.m.5 views

CVE-2025-50944

An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...

6.6AI score0.00247EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.6 views

PT-2025-37565

Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes Lite version 2.0.0 Description: The GetHttpsResponse method transmits sensitive information – including internal server URLs, account IDs, passwords, and device tokens – as plaintext query parameters over HTTPS. The affected...

8.8CVSS6.2AI score0.00249EPSS
Exploits2References3
CNNVD
CNNVD
added 2025/09/15 12:0 a.m.4 views

AVTECH EagleEyes 安全漏洞

AVTECH EagleEyes is a remote instant monitoring mobile application from AVTECH, a Taiwan, China-based company. A security vulnerability exists in AVTECH EagleEyes version 2.0.0, which originates from a custom X509TrustManager that only checks the certificate expiration date and skips TLS chain...

8.8CVSS6.7AI score0.00247EPSS
Exploits3References3
Rows per page
Query Builder