EUVD-2023-32108
Malicious code in bioql PyPI...
EUVD-2025-31760
Malicious code in bioql PyPI...
CVE-2025-56675
The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password...
CVE-2025-56675
The CVE-2025-56675 entry concerns the EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531, where the device periodically sends debug logs to EKEN cloud servers that include sensitive data such as the Wi‑Fi SSID and password. Public documents from Red Hat and others corroborate the issue as ...
PT-2025-40018
Name of the Vulnerable Software and Affected Versions: EKEN video doorbell T6 BT60PLUS MAIN V1.0 GC1084 20230531 Description: The EKEN video doorbell T6 BT60PLUS MAIN V1.0 GC1084 20230531 firmware periodically transmits debug logs to EKEN cloud servers. These logs contain sensitive information,...
ShadowV2 Botnet Uses Misconfigured AWS Docker for DDoS-For-Hire Service
Darktrace researchers have uncovered ShadowV2, a new botnet that operates as a DDoS-for-hire service by infecting misconfigured Docker containers on AWS cloud servers...
CVE-2023-31241
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright...
Authentication flaw
Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright...
CVE-2023-31241
CVE-2023-31241 affects Snap One OvrC cloud services (OvrC Pro/Connect). The issue is an access-control route that lets an attacker bypass requirements and claim unclaimed devices by bypassing the serial-number check. Root cause: improper access controls/identity checks in the device-to-cloud inte...
CVE-2023-28412
The CVE-2023-28412 entry describes an information disclosure vulnerability in the Snap One OvrC cloud platform. When a random MAC address is supplied, the OvrC cloud servers enumerate the MAC and disclose device information, enabling an attacker to obtain data about devices connected to the cloud...
PT-2023-23262 · Snap One · Snap One Ovrc
Name of the Vulnerable Software and Affected Versions: Snap One OvrC affected versions not specified Description: The issue concerns Snap One OvrC cloud servers, where an attacker can exploit a route to bypass requirements and claim devices outright. No information is provided about the estimated...
Privilege Escalation
org.jenkins-ci.plugins:azure-vm-agents is vulnerable to Privilege Escalation. An attacker with access to the Overall/Read permission is able to connect to Azure Cloud servers using attacker-specified credentials IDs...
New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing
A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. Dubbed Peekaboo by researchers from Carnegie Mellon University, the system "leverages an...
DDoS Attacks Grow More Sophisticated as Imperva Mitigates Largest Attack
Only a few months ago Imperva reported mitigating against two of the largest DDoS attacks of 2020. However, in the past few weeks we’ve observed a rise in the number of DDoS attacks against our customers where both the volume of attacks and their level of intensity have increased significantly. O...
Zoom Bug Allowed Snoopers Crack Private Meeting Passwords in Minutes
Popular video conferencing app Zoom recently fixed a new security flaw that could have allowed potential attackers to crack the numeric passcode used to secure private meetings on the platform and snoop on participants. Zoom meetings are by default protected by a six-digit numeric password, but...