SUSE CVE-2026-23999
Fleet is open source device management software. In versions prior to 4.80.1, Fleet generated device lock and wipe PINs using a predictable algorithm based solely on the current Unix timestamp. Because no secret key or additional entropy was used, the resulting PIN could potentially be derived if...
PT-2026-22114
Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.80.1. Description: Fleet generates device lock and wipe PINs using a predictable algorithm based on the current Unix timestamp in affected versions. The PIN could potentially be derived if the approximate time the devic...
EUVD-2011-4424
Malware in sbrugna...
EUVD-2025-18918
Malicious code in bioql PyPI...
CVE-2025-52464
Meshtastic is an open source mesh networking solution. In versions from 2.5.0 to before 2.6.11, the flashing procedure of several hardware vendors resulted in duplicated public/private keys. Additionally, Meshtastic was failing to properly initialize the internal randomness pool on some...
CVE-2025-52464
Meshtastic versions 2.5.0–2.6.10 expose a vulnerability where flashing procedures can duplicate public/private keys and the RNG may have low entropy, allowing an attacker to decrypt Direct Messages after collecting compromised keys. This is caused by key generation timing and insufficient randomn...
PT-2025-26221
Name of the Vulnerable Software and Affected Versions: Meshtastic versions 2.5.0 through 2.6.10. Description: Meshtastic is an open source mesh networking solution. The flashing procedure of several hardware vendors was resulting in duplicated public/private keys. Additionally, Meshtastic was failin...
CVE-2023-38294
Certain software builds for the Itel Vision 3 Turbo Android device contain a vulnerable pre-installed app with a package name of com.transsion.autotest.factory versionCode='7', versionName='1.8.02203101027' that allows local third-party apps to execute arbitrary shell commands in its context syst...
Unable to enroll any device when using Certificate based authentication
Enrollments are failing for all platforms. During the enrollment process, the server logs are showing a failure to sign the CSR, followed by a wipe triggered on the device: 2017-09-10T10:11:12.45+0100 | 32A9CFAD5515A088 | ERROR | http-nio-10443-exec-3 | com.sparus.nps.ios.agent.V10AgentHandler |...
Apple iOS Exchange ActiveSync Authentication Vulnerability
Apple iOS is an operating system developed by Apple for mobile devices. Exchange ActiveSync is one of the Microsoft Exchange synchronization protocols. A security vulnerability exists in the Exchange ActiveSync component in versions of Apple iOS prior to 11. A remote attacker can exploit this...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the web console in Zenprise Device Manager 6.x through 6.1.8 allows remote attackers to hijack the authentication of administrators for requests that wipe mobile devices...