EUVD-2025-13275

Malicious code in bioql PyPI...

EUVD-2024-0073

Malicious code in bioql PyPI...

EUVD-2025-22385

Malicious code in bioql PyPI...

EUVD-2025-18987

Malicious code in bioql PyPI...

EUVD-2023-36708

Malicious code in bioql PyPI...

EUVD-2024-27411

Malicious code in bioql PyPI...

EUVD-2024-44562

Malicious code in bioql PyPI...

EUVD-2024-36487

Malicious code in bioql PyPI...

EUVD-2025-23410

Malicious code in bioql PyPI...

EUVD-2024-28055

Malicious code in bioql PyPI...

EUVD-2024-54502

Malicious code in bioql PyPI...

PT-2025-39376

Name of the Vulnerable Software and Affected Versions iMonitor EAM version 9.6394 Description The software transmits communication between the EAM client agent and the EAM server, and between the EAM monitor management software and the server, in plaintext without authentication or encryption. An...

PT-2025-37925

Name of the Vulnerable Software and Affected Versions: Dolusoft Omaspot versions prior to 12.09.2025 Description: A cleartext transmission of sensitive information issue exists in Dolusoft Omaspot, potentially allowing interception and privilege escalation. Recommendations: Update Dolusoft Omaspo...

CVE-2025-55443

Affected product: Telpo MDM Android, versions 1.4.6–1.4.9. Vulnerability: Sensitive administrator credentials and MQTT server connection details are stored in plaintext in log files on external storage, enabling access to the MDM web platform to perform administrative operations and to the MQTT s...

K000152049: F5 Access for Android vulnerability CVE-2025-54809

Security Advisory Description F5 Access for Android before version 3.1.2, which uses HTTPS, does not verify the remote endpoint identity. CVE-2025-54809 Impact An attacker with a network position that allows them to intercept network traffic may be able to read and/or modify data in transit. The...

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

CVE-2025-52586

The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This vulnerability may allow an attacker with access to a local network to intercept, manipulate, replay, or forge critical data, including read/write...

EG4 Electronics EG4 Inverters 安全漏洞

EG4 Electronics EG4 Inverters is a series of hybrid inverters from EG4 Electronics, USA. A security vulnerability exists in the EG4 Electronics EG4 Inverters that stems from the unencrypted transmission of MOD3 command traffic, which could lead to data interception and tampering...

PT-2025-32368

Name of the Vulnerable Software and Affected Versions: Inverter affected versions not specified Description: The MOD3 command traffic between the monitoring application and the inverter is transmitted in plaintext without encryption or obfuscation. This may allow an attacker with access to a loca...

EG4 Electronics EG4 Inverters (Update B)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to intercept and manipulate critical data, install malicious firmware, hijack device access, and gain unauthorized control over the system. 2. RECOMMENDED PRACTICES CISA recommends users take defensive...