101 matches found
CVE-2026-44592
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
CVE-2026-44592
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
CVE-2026-44592 Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
EUVD-2026-30365
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENTDISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
PT-2026-41018
Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT DISCOVERABLE=true the default, and the NixOS module default, anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has...
Astra Linux - уязвимость в bluez
The bluetoothd function from the bluez library incorrectly preserves the discoverable status of adapters when a device is powered down, and restores that status when the device is powered on again. If a device is in the discoverable state while powered down, it will remain discoverable when the...
CVE-2025-64309
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
CVE-2025-64309 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
CVE-2025-64309 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
EUVD-2025-197664
Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users when they connect to a specific URL. The unauthenticated URL can be discovered through basic network scanning techniques...
PT-2025-47031
Name of the Vulnerable Software and Affected Versions Brightpick Mission Control affected versions not specified Description Brightpick Mission Control discloses device telemetry, configuration, and credential information via WebSocket traffic to unauthenticated users connecting to a specific URL...
EUVD-2021-26953
Malware in sbrugna...
EUVD-2022-29562
Malicious code in bioql PyPI...
EUVD-2025-4243
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-24695
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. ...
Linux Distros Unpatched Vulnerability : CVE-2018-10910
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead t...
CVE-2025-20991
Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable...
CVE-2025-20991
Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable...
CVE-2025-20991
Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable...
CVE-2025-20991
CVE-2025-20991 affects Android Bluetooth components, where improper export of Android application components enables local attackers to make devices discoverable. The issue is tied to Samsung/Android deployments prior to SMR Jun-2025 Release 1. Root cause: improper component export in Bluetooth h...