PT-2026-3475

Name of the Vulnerable Software and Affected Versions ESPHome versions 2025.9.0 through 2025.12.6 Description ESPHome is a system for remote microcontroller control via Home Automation systems. An integer overflow in the API component’s protobuf decoder can lead to denial-of-service attacks when...

CVE-2025-64122 Nuvation Energy Multi-Stack Controller Private Key Stored on Device

Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller MSC allows Signature Spoofing by Key Theft.This issue affects Multi-Stack Controller MSC: through 2.5.1...

ZTE ZXMP M721 Private Key Disclosure Vulnerability

The ZTE ZXMP M721 is a metro edge OTN Optical Transport Network device from ZTE, China. The ZTE ZXMP M721 suffers from a private key disclosure vulnerability, which originates from a low-privilege user being able to bypass authorization checks to view the device's communication private key, and...

Improper Validation of Specified Type of Input

Overview matrix-synapse is an ecosystem for open federated Instant Messaging and VoIP. Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to insufficient validation of device keys. An attacker can disrupt federation functionality and unpredictab...

DEBIAN-CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

synapse 安全漏洞

synapse is a matrix master server from Element open source. A security vulnerability exists in synapse versions prior to 1.138.3 and 1.139.0, which stems from a missing device key authentication and could lead to degradation of federation functionality...

SUSE CVE-2025-61672

Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeserver...

EUVD-2019-0811

Malware in sbrugna...

CVE-2023-0352

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default...

CVE-2024-57273

Netgate pfSense CE prior to 2.8.0 beta release and corresponding Plus builds is vulnerable to Cross-site scripting XSS in the Automatic Configuration Backup ACB service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized...

CVE-2022-26942

The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment TEE modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure superviso...

Design/Logic Flaw

The Motorola MTM5000 series firmwares lack pointer validation on arguments passed to trusted execution environment TEE modules. Two modules are used, one responsible for KVL key management and the other for TETRA cryptographic functionality. In both modules, an adversary with non-secure superviso...

Motorola MTM5000 Security Vulnerability

The Motorola MTM5000 is a mobile radio from Motorola, USA. A security vulnerability in the Motorola MTM5000, which stems from a lack of pointer validation of parameters passed to the Trusted Execution Environment TEE module, can be exploited by an attacker to obtain secure supervised code executi...

CVE-2023-0352

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default...

Default credentials

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default...

CVE-2023-0352 CVE-2023-0352

The Akuvox E11 password recovery webpage can be accessed without authentication, and an attacker could download the device key file. An attacker could then use this page to reset the password back to the default...

PT-2023-16204 · Akuvox · Akuvox E11

Name of the Vulnerable Software and Affected Versions: Akuvox E11 affected versions not specified Description: The issue concerns the Akuvox E11 password recovery webpage, which can be accessed without proper authentication. This allows an attacker to download the device key file and subsequently...

Akuvox E11 授权问题漏洞

Akuvox E11 is a SIP visual doorbell from Akuvox designed for villas, houses and apartments. The Akuvox E11 suffers from an authorization issue vulnerability that stems from accessing the Akuvox E11 password recovery web page without authentication, which allows an attacker to download the device...

Information disclosure

The Zoom Client for Meetings for Android, iOS, Linux, macOS, and Windows before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting...