Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the RabbitConnectionFactoryBean.setUri function when configuring a broker connection with an amqps:// URI without also invoking setUseSSLtrue. An attacker can intercept or manipulate encrypted traffic ...

Hobby coder accidentally creates vacuum robot army

Sammy Azdoufal wanted to steer his robot vacuum with a PS5 controller. Like any good maker, he thought it would be fun to drive a new DJI Romo around manually. He ended up gaining access to an army of robotic cleaners that gave him eyes into thousands of homes. Driven by purely playful reasons,...

CVE-2025-66217

AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Leng...

CVE-2023-33372

Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them...

CVE-2020-13179

Broker Protocol messages in Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to 20.04.1 are not cleaned up in server memory, which may allow an attacker to read confidential information from a memory dump via forcing a crashing during the single sign-on procedure...

qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling

A flaw was found in the way the Qpid daemon qpidd processed certain protocol sequences. An unauthenticated attacker able to send a specially crafted protocol sequence set could use this flaw to crash qpidd...