10 matches found
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device
NPM: OpenClaw: Paired-device pairing actions were not limited to the caller device vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...
CVE-2025-59370
A command injection vulnerability has been identified in bwdpi. A remote, authenticated attacker could leverage this vulnerability to potentially execute arbitrary commands, leading to the device executing unintended instructions. Refer to the 'Security Update for ASUS Router Firmware' section on...
EUVD-2025-11133
Malicious code in bioql PyPI...
CVE-2025-31360
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...
CVE-2025-31360
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...
CVE-2025-31360 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...
CVE-2025-31360
CVE-2025-31360 affects Growatt Cloud Applications (Growatt Cloud Portal). Multiple connected sources confirm an unauthenticated attacker can trigger device actions associated with specific “scenes” of arbitrary users, implying remote control of devices without user interaction. The vulnerability ...
CVE-2025-31360 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users...
Growatt Cloud Applications 安全漏洞
Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and earlier, which originates from an unauthenticated attacker who can trigger device actions related to specific scenarios...
nfp: flower: handle acti_netdevs allocation failure
...