CVE-2025-11643

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...

CVE-2025-11642

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The...

CVE-2025-11642

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The...

CVE-2025-11641

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high...

CVE-2025-11641

A vulnerability was determined in Tomofun Furbo 360 and Furbo Mini. This impacts an unknown function of the component Trial Restriction Handler. This manipulation causes improper access controls. It is feasible to perform the attack on the physical device. The attack is considered to have high...

CVE-2025-11642 Tomofun Furbo 360/Furbo Mini Registration denial of service

A vulnerability was identified in Tomofun Furbo 360 and Furbo Mini. Affected is an unknown function of the component Registration Handler. Such manipulation leads to denial of service. The attack can be executed directly on the physical device. The attack requires a high level of complexity. The...

CVE-2025-11642

CVE-2025-11642 affects Tomofun Furbo 360 and Furbo Mini, where an unknown function of the Registration Handler can be manipulated to cause a denial of service. The attack requires direct access to the physical device and is described as high complexity with low attack practicality in some sources...

CVE-2025-11636

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...

CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...

CVE-2025-11636 Tomofun Furbo 360 Account server-side request forgery

A security vulnerability has been detected in Tomofun Furbo 360 up to FB0035FW036. This issue affects some unknown processing of the component Account Handler. Such manipulation leads to server-side request forgery. The attack can be executed remotely. This attack is characterized by high...

CVE-2025-11636

CVE-2025-11636 affects Tomofun Furbo 360 up to FB0035_FW_036. The issue resides in the Account Handler component and enables server-side request forgery (SSRF) through some manipulated processing, with remote execution possible. Exploitation is described as high complexity and difficult, with no ...

PT-2025-41716

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in the HTTP Traffic Handler component of Tomofun Furbo 360 and Furbo Mini. This issue results in improper certificat...

PT-2025-41729

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description An issue exists in the Trial Restriction Handler component of Tomofun Furbo 360 and Furbo Mini that results in improper access...

PT-2025-41735

Name of the Vulnerable Software and Affected Versions Tomofun Furbo 360 versions prior to FB0035 FW 036 Tomofun Furbo Mini versions prior to MC0020 FW 074 Description A flaw exists in Tomofun Furbo 360 and Furbo Mini related to the processing of the GATT Service component. Manipulation of the...

CVE-2025-11609 code-projects Hospital Management System express-session hard-coded key

A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is...

PT-2025-41695

Name of the Vulnerable Software and Affected Versions code-projects Hospital Management System version 1.0 Description A flaw exists in the session function of the express-session component in code-projects Hospital Management System version 1.0. This issue involves manipulation of the secret...

Your passwords don’t need so many fiddly characters, NIST says

It’s once again time to change your passwords, but if one government agency has its way, this might be the very last time you do it. After nearly four years of work to update and modernize its guidance for how companies, organizations, and businesses should protect their systems and their...

A Meta-Complexity Characterization of Minimal Quantum Cryptography

We give a meta-complexity characterization of EFI pairs, which are considered the "minimal" primitive in quantum cryptography and are equivalent to quantum commitments. More precisely, we show that the existence of EFI pairs is equivalent to the following: there exists a non-uniformly samplable...

CVE-2025-11489

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...

CVE-2025-11489 wonderwhy-er DesktopCommanderMCP filesystem.ts isPathAllowed symlink

A security vulnerability has been detected in wonderwhy-er DesktopCommanderMCP up to 0.2.13. This vulnerability affects the function isPathAllowed of the file src/tools/filesystem.ts. The manipulation leads to symlink following. The attack can only be performed from a local environment. The...