EUVD-2025-201460

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

CVE-2025-66558 Nextcloud Twofactor WebAuthn app was updated based on public key

Nextcloud Twofactor WebAuthn is the WebAuthn Two-Factor Provider for Nextcloud. Prior to 1.4.2 and 2.4.1, a missing ownership check allowed an attack to take-away a 2FA webauthn device when correctly guessing a 80-128 character long random string of letters, numbers and symbols. The victim would...

EUVD-2025-11150

Malicious code in bioql PyPI...

EUVD-2021-9498

Malicious code in bioql PyPI...

CVE-2025-41645

An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake...

CVE-2025-25276

An unauthenticated attacker can hijack other users' devices and potentially control them...

CVE-2025-25276

An unauthenticated attacker can hijack other users' devices and potentially control them...

CVE-2025-25276

CVE-2025-25276 relates to Growatt Cloud Applications (Growatt Cloud portal). Connected documents confirm an unauthenticated attacker can hijack other users’ devices and potentially take control, via vulnerabilities including an authorization bypass through a user-controlled key and improper input...

Growatt Cloud Applications 安全漏洞

Growatt Cloud Applications is a monitoring platform from Growatt, a Chinese company. A security vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which originates from an unauthenticated attacker who can hijack another user's device...

CVE-2021-22403

There is a vulnerability of hijacking unverified providers in Huawei Smartphone.Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands...

CVE-2021-22403

CVE-2021-22403 describes a vulnerability in Huawei smartphones (EMUI and Magic UI) that stems from a hijacking unauthenticated provider vulnerability. The issue can allow an attacker to hijack the device and forge the UI to induce a user to execute malicious commands. The linked/connected sources...

Huawei Smartphone 安全漏洞

Huawei Emui is a mobile operating system developed based on Android.Magic Ui is a mobile operating system developed based on Android. A security vulnerability exists in Huawei Emui and Magic UI, which stems from the existence of a hijacking unauthenticated provider vulnerability that can be...

CVE-2021-22352

There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands...

华为智能手机处理逻辑错误漏洞

Huawei Emui is a mobile operating system developed on Android. magic Ui is a mobile operating system developed on Android. Huawei Emui and Magic UI are vulnerable to a processing logic error, which stems from a configuration flaw in the device. An attacker could exploit the vulnerability to hijac...

2 Million IoT Devices Vulnerable to Complete Takeover

Over 2 million IP security cameras, baby monitors and smart doorbells have serious vulnerabilities that could enable an attacker to hijack the devices and spy on their owners — and there’s currently no known patch for the shared flaws. The attack stems from peer-to-peer P2P communication technolo...

Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes

A vulnerability in a popular Wi-Fi–connected electric outlet for smart homes would allow a remote attacker to take over smart TVs and other devices, as well as execute code – potentially exposing tens of thousands of consumers to cryptomining, ransomware, information disclosure, botnet enslavemen...