38 matches found
CVE-2026-2754
Navtor NavBox exposes sensitive configuration and operational data due to missing authentication on HTTP API endpoints. An unauthenticated remote attacker with network access to the device can execute HTTP GET requests to TCP port 8080 to retrieve internal network parameters including ECDIS & OT...
CVE-2026-2820
A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in SQL injection. The attack may be...
CVE-2026-2820 Fujian Smart Integrated Management Platform System XAccessPermissionPlus.ashx SQL injection
A security flaw has been discovered in Fujian Smart Integrated Management Platform System up to 7.5. This issue affects some unknown processing of the file /Module/CRXT/Controller/XAccessPermissionPlus.ashx. The manipulation of the argument DeviceIDS results in SQL injection. The attack may be...
Yinda Yunchuang Smart Integrated Management Platform System SQL injection vulnerability
Yinda Yunchuang Smart Integrated Management Platform System is a smart management system developed by Yinda Yunchuang. Versions of the Yinda Yunchuang Smart Integrated Management Platform System prior to 7.5 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect...
Oneflow security vulnerabilities
Oneflow is an open-source deep learning framework developed by Oneflow. Version 0.9.0 of Oneflow contains a security vulnerability. This vulnerability stems from a flaw in the flow.cuda.getdevicecapability component, which lacks proper verification of GPU device IDs. This could lead to...
CVE-2025-32901
A flaw was found in KDE Connect. This vulnerability allows an application crash via malicious device IDs sent via broadcast UDP (User Datagram Protocol). Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria...
Linux Distros Unpatched Vulnerability : CVE-2025-32901
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash. CVE-2025-32901 Note that Nessus relies on...
UBUNTU-CVE-2025-32901
In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...
CVE-2025-32901
In KDE Connect before 1.33.0 on Android, malicious device IDs sent via broadcast UDP could cause an application crash...
USN-7905-1: KDE Connect vulnerability
It was discovered that KDE Connect incorrectly handled device IDs. An attacker could possibly use this issue to bypass authentication and connect an unpaired device...
EUVD-2019-5344
Malware in sbrugna...
EUVD-2019-2920
Malware in sbrugna...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
EUVD-2024-19496
Malicious code in bioql PyPI...
CVE-2019-14089
Keymaster attestation key and device IDs provisioning which is a one time process is incorrectly allowed to be re-provisioned after a user data erase or a factory reset in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voi...
SUSE CVE-2022-49790
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs. syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 "Input: iforce - allow callers supply data buffer when fetching device IDs"...
DEBIAN-CVE-2022-49790
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs. syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 "Input: iforce - allow callers supply data buffer when fetching device IDs"...
CVE-2022-49790
In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs. syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 "Input: iforce - allow callers supply data buffer when fetching device IDs"...
GSD-2022-1007888 Input: iforce - invert valid length check when fetching device IDs
Input: iforce - invert valid length check when fetching device IDs. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.80 by commit...