20 matches found
EUVD-2025-23678
Malicious code in bioql PyPI...
EUVD-2023-58151
Malicious code in bioql PyPI...
CVE-2025-8650 Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability
Kenwood DMX958XR libSystemLib Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific...
PT-2025-32059 · Kenwood · Kenwood Dmx958Xr
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices without authentication. The flaw resides within the...
PT-2025-32055 · Kenwood · Kenwood Dmx958Xr
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices without authentication. The flaw resides in the...
CVE-2024-48799
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48793
An issue in INATRONIC com.inatronic.bmw 2.7.1 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48790
An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48778
An issue in GIANT MANUFACTURING CO., LTD RideLink tw.giant.ridelink 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48770
An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48772
An issue in C-CHIP com.cchip.cchipamaota v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48788
An issue in YESCAM com.yescom.YesCam.zwave 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process...
CVE-2024-48774
An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process...
PT-2025-17325 · Nautel · Nautel Vx Series
Name of the Vulnerable Software and Affected Versions: Nautel VX Series transmitters VX SW versions 6.4.0 and below Description: The issue is related to a remote code execution RCE vulnerability in the firmware update process. This allows attackers to execute arbitrary code by supplying a crafted...
Shelly com.home.shelly 安全漏洞
Shelly com.home.shelly is a firmware program from Shelly, Inc. A security vulnerability exists in Shelly com.home.shelly version 1.0.4, which stems from a contained vulnerability that allows remote attackers to obtain sensitive information through the firmware update process...
CVE-2024-48788
CVE-2024-48788 affects YESCAM (com.yescom.YesCam.zwave) 1.0.2. A flaw in the firmware update process may allow a remote attacker to obtain sensitive information and, per PT-2024-33222, could enable arbitrary code execution with admin privileges. No fix for 1.0.2 is publicly documented in the conn...
(0Day) Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...
PT-2024-22765 · Alcatel Lucent · Alcatel-Lucent Ale Noe Deskphones +1
Name of the Vulnerable Software and Affected Versions: Alcatel-Lucent ALE NOE deskphones versions 86x8 NOE-R300.1.40.12.4180 and earlier Alcatel-Lucent ALE SIP deskphones versions 86x8 SIP-R200.1.01.10.728 and earlier Description: An issue was discovered due to a time-of-check time-of-use...
CVE-2022-46430
TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute arbitrary code or cause a Denial of Service DoS via uploading a crafted firmware image during the firmware update process...
CVE-2019-15310
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When...