8 matches found
EUVD-2021-13432
Malware in sbrugna...
EUVD-2023-54470
Malicious code in bioql PyPI...
CVE-2025-2394
CVE-2025-2394 affects Ecovacs Home mobile apps (Android and iOS) up to version 3.3.0. The root cause is embedded Alibaba OSS access keys and secrets within the app, enabling potential sensitive data disclosure. The accompanying PT-2025-22570 advisory recommends removing or securely storing embedd...
CVE-2024-56972
An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link...
CVE-2023-4617
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in...
CVE-2024-25699
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker...
PT-2022-24269 · Esri · Esri Portal for ArcGIS
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 10.9.0 and below
Description: The issue is an HTML injection problem that may allow a remote, authenticated attacker to inject HTML into some locations in the home application. This could potentially be exploit...
Authentication flaw
The QBee MultiSensor Camera through 4.16.4 accepts unencrypted network traffic from clients such as the QBee Cam application through 1.0.5 for Android and the Swisscom Home application up to 10.7.2 for Android, which results in an attacker being able to reuse cookies to bypass authentication and...