CVE-2025-3654

Petlibro Smart Pet Feeder Platform (vulnerable up to 1.7.31) exposes an information disclosure via insecure API endpoint /device/devicePetRelation/getBoundDevices. Attackers can retrieve device hardware identifiers (serial numbers, MAC addresses) by supplying a pet ID, potentially enabling unauth...

PT-2026-1182

Name of the Vulnerable Software and Affected Versions Petlibro Smart Pet Feeder Platform versions up to 1.7.31 Description The Petlibro Smart Pet Feeder Platform is affected by an information disclosure issue. This allows unauthorized access to device hardware information. An attacker can obtain...

CVE-2024-33309

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...

Mars: Customer Data Exposure via Insecure Endpoint of coupon

A security vulnerability was identified in the Royal Canin Greece website. An insecure API endpoint was exposed that allowed unauthorized access to customer information without requiring authentication. The endpoint related to coupon functionality and revealed sensitive customer data, including...

CVE-2024-33309

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...

TVS Motor Connect Mobile Application 安全漏洞

TVS Motor Connect Mobile Application is an application by TVS Motor India to experience the products and services of TVS Motor Company. A security vulnerability exists in TVS Motor Connect Mobile Application Android v.4.5.1 and iOS v.5.0.0, which stems from a vulnerability that allows a remote...

CVE-2024-33309

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...

CVE-2024-33309

An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...

CVE-2021-39888

In all versions of GitLab EE starting from 13.10 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 a specific API endpoint may reveal details about a private group and other sensitive info inside issue and merge request templates...

ThemeREX Addons Remote Code Execution Vulnerability

WordPress plugin ThemeREX Addons is a plugin that works with various ThemeREX themes, featuring several theme enhancements and widgets that extend the functionality of the theme in question. A remote code execution vulnerability exists in versions of ThemeREX Addons prior to 2020-03-09. The...