Yarbo responds to robot flaws that could mow down their owners

A researcher found that Yarbo yard robots came with a host of vulnerabilities which, among others, allowed an attacker to harvest WiFi passwords. Security researcher Andreas Makris found he could remotely hijack thousands of Yarbo yard robots worldwide, and proved it by having his mower run him...

CVE-2025-65127

A lack of session validation in the web API component of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote unauthenticated attackers to access administrative information-retrieval functions intended for authenticated users. By invoking "get" operations, attackers can obtain device...

CVE-2021-31989

A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices...

CVE-2019-18256

BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit...

EUVD-2019-2921

Malware in sbrugna...

EUVD-2019-10393

Malware in sbrugna...

EUVD-2024-42180

Malicious code in bioql PyPI...

CVE-2025-1711 CVE-2025-1711

Multiple services of the DUT as well as different scopes of the same service reuse the same credentials...

CVE-2025-44612

Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle attack...

CVE-2024-46874

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud...

CVE-2024-46874 Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud...

CVE-2024-46874 Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud...

CVE-2024-46874

CVE-2024-46874 affects Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x. The root causes include a weak MQTT credential mechanism and features that allow an authenticated MQTT client (with device credentials) to publish to topics, view/exfiltrate data, invalidate sessions, and iss...

Ruijie Networks ReyeeOS 安全漏洞

Ruijie Networks ReyeeOS is a router from Ruijie Networks China. A security vulnerability exists in Ruijie Networks ReyeeOS versions 2.206.x through 2.320.x prior. An attacker could use this vulnerability to send messages to certain topics using an MQTT client connected with device credentials...

CVE-2024-20515

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to a lack of proper data protection mechanisms for certain configuration...

CVE-2024-20448

The CVE-2024-20448 involves Cisco Nexus Dashboard Fabric Controller (NDFC) (formerly DCNM). It stems from improper storage of sensitive data in config-only and full backup files, enabling an attacker with access to a backup generated by an affected device to view sensitive information, including ...

CVE-2023-20220

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...

Input validation

Multiple vulnerabilities in the web management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The attacker would need valid device credentials but does not require...

Cisco Firepower Management Center Software Command Injection Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...

CVE-2023-20111

A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to the improper storage of sensitive information within the web-based management interface. An...