239 matches found
EUVD-2025-19631
Malicious code in bioql PyPI...
EUVD-2024-31208
Malicious code in bioql PyPI...
EUVD-2025-19646
Malicious code in bioql PyPI...
EUVD-2024-31209
Malicious code in bioql PyPI...
EUVD-2025-19645
Malicious code in bioql PyPI...
EUVD-2025-19640
Malicious code in bioql PyPI...
EUVD-2025-19644
Malicious code in bioql PyPI...
EUVD-2025-19643
Malicious code in bioql PyPI...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-50944
An issue was discovered in the method push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted in AVTECH EagleEyes 2.0.0. The custom X509TrustManager used in checkServerTrusted only checks the certificate's expiration date, skipping proper TLS chain validation...
PT-2025-37566
Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0 Description: The custom X509TrustManager used in the checkServerTrusted function only checks the certificate's expiration date, bypassing proper TLS chain validation. Recommendations: At the moment, there is no...
PT-2025-37564
Name of the Vulnerable Software and Affected Versions: AVTECH EagleEyes version 2.0.0 Description: An issue was discovered in the GetHttpsResponse method of push.lite.avtech.com.AvtechLib and the getNewHttpClient method of push.lite.avtech.com.Push HttpService. These methods set ALLOW ALL HOSTNAM...
CVE-2025-50944
CVE-2025-50944 affects AVTECH EagleEyes 2.0.0. The vulnerability is in push.lite.avtech.com.MySSLSocketFactoryNew.checkServerTrusted where a custom X509TrustManager only checks certificate expiration date and does not perform proper TLS chain validation, enabling potential MITM or improper trust ...
CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.PushHttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOWALLHOSTNAMEVERIFIER, bypassing domain validation...
CVE-2025-50110
An issue was discovered in the method push.lite.avtech.com.AvtechLib.GetHttpsResponse in AVTECH EagleEyes Lite 2.0.0, the GetHttpsResponse method transmits sensitive information - including internal server URLs, account IDs, passwords, and device tokens - as plaintext query parameters over HTTPS...
CVE-2025-46408
CVE-2025-46408 affects AVTECH EagleEyes 2.0.0. The vulnerability arises in AVTECH’s code paths push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient, where the code calls ALLOW_ALL_HOSTNAME_VERIFIER, bypassing hostname/domain validation during ...