CVE-2025-64385

CVE-2025-64385 affects Circutor TCPRS1plus. The issue arises when configuring the device via UDP through the manufacturer’s software, where any aspect of the initial configuration can be changed by the device’s MAC address without authentication. The vulnerability is observed in the UDP configura...

CVE-2019-19560

An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information...

CVE-2019-19557

A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information...

Advanced PWA inc Push Notifications - Critical - Access bypass - SA-CONTRIB-2024-017

Progressive web applications are web applications that load like regular web pages or websites but can offer the user functionality such as working offline, push notifications, and device hardware access traditionally available only to native applications. This module doesn't sufficiently protect...

Insecure Storage of Sensitive Information in Microweber

Microweber prior to version 1.3 does not strip images of EXIF data, exposing information about users' locations, device hardware, and device software...

Apple Outlines 2021 Security, Privacy Roadmap

Click to Register Apple released its 2021 Platform Security guide, Thursday, outlining its current and year-ahead agenda for its device hardware, software and silicon security. This year’s 192-page report is beefed-up, compared to past reports, with a wealth of new insights into how Apple is...

CVE-2019-19562

An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information...

CVE-2019-19560

An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information...

PCI passthrough code reading back hardware registers

ISSUE DESCRIPTION Code paths in Xen's MSI handling have been identified which act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for device...

Design/Logic Flaw

Kingston DataTraveler BlackBox DTBB, DataTraveler Secure Privacy Edition DTSP, and DataTraveler Elite Privacy Edition DTEP USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the...

CVE-2010-0224

SanDisk Cruzer Enterprise USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program...