632 matches found
CVE-2025-56400
Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...
CVE-2025-56400
Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...
CVE-2025-56400
CVE-2025-56400 describes a CSRF-type flaw in the OAuth flow of the Tuya SDK 6.5.0 for Android/iOS, affecting Tuya Smart and Smartlife apps and third‑party apps that integrate the SDK. The root cause is failure to validate the OAuth state parameter during account linking, allowing an attacker to t...
CVE-2025-56400
Cross-Site Request Forgery CSRF vulnerability in the OAuth implementation of the Tuya SDK 6.5.0 for Android and iOS, affects the Tuya Smart and Smartlife mobile applications, as well as other third-party applications that integrate the SDK, allows an attacker to link their own Amazon Alexa accoun...
Comet Browser Flaw Lets Hidden API Run Commands on Users’ Devices
SquareX warns Perplexity's Comet AI browser contains a hidden MCP API that bypasses security, allowing attackers to install malware and seize full device control...
CVE-2025-63219
The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...
CVE-2025-63219
The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...
CVE-2025-63219
The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...
Obscure MCP API in Comet Browser Breaches User Trust, Enabling Full Device Control via AI Browsers
Palo Alto, California, 19th November 2025, CyberNewsWire...
CVE-2025-63219
The ITEL ISO FM SFN Adapter firmware ISO2 2.0.0.0, WebServer 2.0 is vulnerable to session hijacking due to improper session management on the /home.html endpoint. An attacker can access an active session without authentication, allowing them to control the device, modify configurations, and...
CVE-2025-63219
The CVE-2025-63219 issue affects the ITEL ISO FM SFN Adapter, specifically firmware ISO2 2.0.0.0 and WebServer 2.0. The root cause is improper/session management on the /home.html endpoint, allowing an unauthenticated user to hijack an active session and potentially control the device and modify ...
Eurolab ELTS100_UBX 安全漏洞
The Eurolab ELTS100UBX is a network connectivity device from Eurolab Italy. A security vulnerability exists in the Eurolab ELTS100UBX ELTS100v1.UBX version, which stems from a lack of authentication of critical management endpoints and could lead to full device control...
Itel DAB MUX 安全漏洞
Itel DAB MUX is an encoding and multiplexing all-in-one device from Itel, Italy. A security vulnerability exists in the Itel DAB MUX build c041640a version, which stems from improper JWT authentication and could lead to authentication bypass and full device control...
METZ CONNECT多款产品 安全漏洞
METZ CONNECT Energy-Controlling EWIO2-M and others are products of METZ CONNECT, Germany.METZ CONNECT Energy-Controlling EWIO2-M is a high performance data logger.METZ CONNECT Energy- Controlling EWIO2-M-BM is a high performance data logger.METZ CONNECT Ethernet-IO EWIO2-BM is a sensor and actuat...
CVE-2025-29270
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...
EUVD-2025-37375
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...
PT-2025-44641
Name of the Vulnerable Software and Affected Versions Deep Sea Electronics DSE855 versions 1.1.0 through 1.1.26 Description A flaw exists in access control within the realtime.cgi endpoint of Deep Sea Electronics devices. This allows attackers to access the admin panel and gain complete control o...
Deep Sea Electronics DSE855 安全漏洞
Deep Sea Electronics DSE855 is a USB to Ethernet communication device from Deep Sea Electronics, UK. A security vulnerability exists in the Deep Sea Electronics DSE855 versions 1.1.0 through 1.1.26, which stems from improper access control of the realtime.cgi endpoint, and could allow an attacker...
CVE-2025-29270
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...
EUVD-2025-36692
An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control other users' Dyson IoT devices remotely via MQTT...