48 matches found
BrightSign Digital Signage 8.2.26 - Server-Side Request Forgery
An unauthenticated Server-Side Request Forgery (SSRF) vulnerability exists in the BrightSign digital signage media player, affecting the Diagnostic Web Server (DWS). The application parses user-supplied data in the 'url' GET parameter to construct a diagnostics request to the Download Speed Test service...
CVE-2025-54756
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...
CVE-2025-54756
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...
CVE-2025-54756 BrightSign Players Use of Default Credentials
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...
CVE-2025-54756
BrightSign OS devices are affected: BrightSign players (OS series 4 before v8.5.53.1 and series 5 before v9.0.166) contain an execution with unnecessary privileges vulnerability that enables privilege escalation after code execution. Remediation is to upgrade to v8.5.53.1 (series 4) or v9.0.166 (...
CVE-2025-54756 BrightSign Players Use of Default Credentials
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...
CVE-2025-54756
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 use a default password that is guessable with knowledge of the device information. The latest release fixes this issue for new installations; users of old installations are encouraged to change all...
BrightSign OS Security Vulnerability
BrightSign OS is an operating system designed for hardware players by the American company BrightSign. Versions prior to BrightSign OS Series 4 v8.5.53.1 and Series 5 v9.0.166 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable default passwords, which...
PT-2026-7862
Name of the Vulnerable Software and Affected Versions: BrightSign players versions prior to 8.5.53.1 (series 4); BrightSign players versions prior to 9.0.166 (series 5). Description: BrightSign players utilize a default password that can be easily guessed if device information is known. This allows...
EUVD-2020-30845
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and earlier contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
CVE-2020-36884
BrightSign Digital Signage Diagnostic Web Server ≤ 8.2.26 is affected by an unauthenticated SSRF in the Download Speed Test service via the url parameter. The vulnerability allows an attacker to force the application to perform arbitrary HTTP requests to internal network hosts, potentially bypass...
CVE-2020-36884 BrightSign Digital Signage Diagnostic Web Server 8.2.26 Unauthenticated SSRF
BrightSign Digital Signage Diagnostic Web Server 8.2.26 and earlier contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forci...
BrightSign Digital Signage Diagnostic Web Server Code Issue Vulnerability
BrightSign Digital Signage Diagnostic Web Server is a troubleshooting and configuration tool from BrightSign USA. A code issue vulnerability exists in BrightSign Digital Signage Diagnostic Web Server version 8.2.26 and earlier, which stems from a server-side request forgery in the url parameter o...
EUVD-2017-8889
Malware in sbrugna...
EUVD-2025-13932
Malicious code in bioql PyPI...
CVE-2025-3925
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained...
CVE-2025-3925
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained...
CVE-2025-3925
CVE-2025-3925 affects BrightSign OS: BrightSign OS series 4 before 8.5.53.1 and series 5 before 9.0.166. The issue is described as an execution with unnecessary privileges, enabling privilege escalation on the device once code execution is obtained. Multiple connected sources confirm the affected...
CVE-2025-3925 BrightSign Players Execution with Unnecessary Privileges
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained...
CVE-2025-3925 BrightSign Players Execution with Unnecessary Privileges
BrightSign players running BrightSign OS series 4 prior to v8.5.53.1 or series 5 prior to v9.0.166 contain an execution with unnecessary privileges vulnerability, allowing for privilege escalation on the device once code execution has been obtained...