62 matches found
Automated Logic Zone Controllers security vulnerability
Automated Logic Zone Controllers is a hardware controller in a building automation system from Automated Logic USA. A security vulnerability exists in Automated Logic Zone Controllers that stems from the BACnet protocol causing the device to crash and may require manual power cycling to recover...
Malicious code in pyxis-rigel-janus-arcturus (npm)
Source: amazon-inspector 149143ea758c2f50f0c3caf2cec3676d63130450fede977297122d2e51b81f11 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in pretty-sapphire-mole (npm)
Source: amazon-inspector 18b70a577e962c0ab5c74fa4976a934bfe27aa0140d60e0deec0de56b1126aa9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2014-7390
Malware in sbrugna...
EUVD-2024-31887
Malicious code in bioql PyPI...
EUVD-2025-2572
Malicious code in bioql PyPI...
CVE-2025-21615
AAT Another Activity Tracker is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...
swiss-cycling.ch Cross Site Scripting vulnerability OBB-4038088
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-21615 AAT allows data exfiltration by other apps installed on the same device
AAT Another Activity Tracker is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device...
Google Car App security vulnerability
Google Car App is a library of cycling applications from Google Inc USA. A security vulnerability exists in Google Car App that stems from the presence of a code execution vulnerability that could lead to arbitrary code execution...
CVE-2024-52317 Apache Tomcat: Request/response mix-up with HTTP/2
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through...
Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters
Please don’t, actually. But do update your Shimano Di2 shifters’ software to prevent a new radio-based form of cycling sabotage...
CVE-2024-3297 Session establishment lock-up during replay of CASE Sigma1 messages
An issue in the Certificate Authenticated Session Establishment CASE protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive...
otbcycling.com Improper Access Control vulnerability OBB-3806609
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Important: Red Hat Security Advisory: Fence Agents Remediation Operator 0.2.1 security update
This is an updated version for the fence-agents-remediation-operator-bundle-container and the fence-agents-remediation-operator-container. It is now available for Fence Agents Remediation 0.2 for RHEL 8. Red Hat Product Security has rated this update as having a security impact of Important. A...
PT-2023-27341
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue concerns a lightning vulnerability related to replacement cycling attacks. It is noted that decentralization is viewed as a spectrum, but it does...
Siemens LOGO! 8 BM Devices Improper Input Validation (CVE-2022-36362)
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions. Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the device's IP address, which means the device would not be...
women.cyclingfever.com Cross Site Scripting vulnerability OBB-3677800
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cyclingfever.com Cross Site Scripting vulnerability OBB-3500980
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...