Lucene search
K

632 matches found

OSV
OSV
added 2025/11/24 8:15 p.m.5 views

CVE-2025-56400

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

8.8CVSS5.8AI score0.00132EPSS
Exploits0References2
NVD
NVD
added 2025/11/24 8:15 p.m.6 views

CVE-2025-56400

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

8.8CVSS0.00132EPSS
Exploits0References1
CVE
CVE
added 2025/11/24 12:0 a.m.19 views

CVE-2025-56400

CVE-2025-56400 describes a CSRF-type flaw in the OAuth flow of the Tuya SDK 6.5.0 for Android/iOS, affecting Tuya Smart and Smartlife apps and third‑party apps that integrate the SDK. The root cause is failure to validate the OAuth state parameter during account linking, allowing an attacker to t...

8.8CVSS6.3AI score0.00132EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2025/11/24 12:0 a.m.3 views

CVE-2025-56400

Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...

6.3AI score0.00132EPSS
Exploits0References1
HackRead
HackRead
added 2025/11/20 12:30 p.m.5 views

Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices

SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/11/20 12:21 a.m.9 views

CVE-2025-63219

The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...

7.5CVSS6.9AI score0.00402EPSS
Exploits1References1
OSV
OSV
added 2025/11/19 3:15 p.m.7 views

CVE-2025-63219

The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...

7.5CVSS5.8AI score0.00402EPSS
Exploits1References2
NVD
NVD
added 2025/11/19 3:15 p.m.6 views

CVE-2025-63219

The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...

7.5CVSS0.00402EPSS
Exploits1References2
HackRead
HackRead
added 2025/11/19 2:1 p.m.7 views

Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers

Palo Alto, California, 19th November 2025, CyberNewsWire...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/11/19 12:0 a.m.12 views

CVE-2025-63219

The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...

0.00402EPSS
Exploits1References2
CVE
CVE
added 2025/11/19 12:0 a.m.13 views

CVE-2025-63219

The CVE-2025-63219 issue affects the ITEL ISO FM SFN Adapter, specifically firmware ISO2 2.0.0.0 and WebServer 2.0. The root cause is improper/session management on the /home.html endpoint, allowing an unauthenticated user to hijack an active session and potentially control the device and modify ...

7.5CVSS6.6AI score0.00402EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.6 views

Eurolab ELTS100_UBX 安全漏洞

The Eurolab ELTS100UBX is a network connectivity device from Eurolab Italy. A security vulnerability exists in the Eurolab ELTS100UBX ELTS100v1.UBX version, which stems from a lack of authentication of critical management endpoints and could lead to full device control...

9.8CVSS6.9AI score0.00562EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

Itel DAB MUX 安全漏洞

Itel DAB MUX is an encoding and multiplexing all-in-one device from Itel, Italy. A security vulnerability exists in the Itel DAB MUX build c041640a version, which stems from improper JWT authentication and could lead to authentication bypass and full device control...

9.8CVSS6.9AI score0.00518EPSS
Exploits1References3
CNNVD
CNNVD
added 2025/11/18 12:0 a.m.5 views

METZ CONNECT多款产品 安全漏洞

METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany.METZ CONNECT Energy-Controlling EWIO2-M is a high performance data logger.METZ CONNECT Energy- Controlling EWIO2-M-BM is a high performance data logger.METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and actuat...

9.8CVSS7.2AI score0.00469EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/11/01 12:25 a.m.7 views

CVE-2025-29270

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...

10CVSS7.1AI score0.00329EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/31 6:31 p.m.4 views

EUVD-2025-37375

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...

10CVSS6.6AI score0.00329EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/10/31 12:0 a.m.8 views

PT-2025-44641

Name of the Vulnerable Software and Affected Versions Deep Sea Electronics DSE855 versions 1.1.0 through 1.1.26 Description A flaw exists in access control within the realtime.cgi endpoint of Deep Sea Electronics devices. This allows attackers to access the admin panel and gain complete control o...

10CVSS6.6AI score0.00329EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/10/31 12:0 a.m.5 views

Deep Sea Electronics DSE855 安全漏洞

Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 versions 1.1.0 through 1.1.26, which stems from improper access control of the realtime.cgi endpoint, and could allow an attacker...

10CVSS6.8AI score0.00329EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/10/31 12:0 a.m.7 views

CVE-2025-29270

Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...

0.00329EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/29 6:30 p.m.5 views

EUVD-2025-36692

An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control other users' Dyson IoT devices remotely via MQTT...

7.5CVSS6.5AI score0.00359EPSS
Exploits0References3
Rows per page
Query Builder