Lucene search
K

211 matches found

Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.9 views

PT-2025-50547

Name of the Vulnerable Software and Affected Versions Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Aqara Camera Hub G3 version 4.1.9 0027 Description The software contains NULL-pointer dereference issues in the JSON processing component. These issues can be exploited by providi...

6.5CVSS6.5AI score0.00263EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.20 views

CVE-2025-65297

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 automatically collect and upload unencrypted sensitive information. Note that this occurs without disclosure or consent from the manufacturer...

0.0017EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.22 views

CVE-2025-65294

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 contain an undocumented remote access mechanism enabling unrestricted remote command execution...

0.00858EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.22 views

CVE-2025-65290

Aqara Hub devices including Camera Hub G3 4.1.90027, Hub M2 4.3.60027, and Hub M3 4.3.60025 fail to validate server certificates during HTTPS firmware downloads, allowing man-in-the-middle attackers to intercept firmware update traffic and potentially serve modified firmware files...

0.0016EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.21 views

CVE-2025-65291

Aqara Hub devices including Hub M2 4.3.60027, Hub M3 4.3.60025, Camera Hub G3 4.1.90027 fail to validate server certificates in TLS connections for discovery services and CoAP gateway communications, enabling man-in-the-middle attacks on device control and monitoring...

0.0016EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/12/10 12:0 a.m.5 views

Aqara多款产品 安全漏洞

Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from the presence of a null pointer dereference in JSON processing, which could lead to a denial of service attack. The following products and versio...

6.5CVSS6.5AI score0.00263EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.6 views

PT-2025-50548

Name of the Vulnerable Software and Affected Versions Aqara Hub Camera Hub G3 version 4.1.9 0027 Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Description Aqara Hub devices automatically collect and upload sensitive information in an unencrypted format. This data collection and...

7.5CVSS6.4AI score0.0017EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/10 12:0 a.m.8 views

PT-2025-50536

Name of the Vulnerable Software and Affected Versions Aqara Hub M2 version 4.3.6 0027 Aqara Hub M3 version 4.3.6 0025 Aqara Camera Hub G3 version 4.1.9 0027 Description Aqara Hub devices do not properly validate server certificates during TLS connections used for discovery services and CoAP gatew...

6.5AI score0.0016EPSS
Exploits1References3
CVE
CVE
added 2025/12/10 12:0 a.m.32 views

CVE-2025-65294

The vulnerability CVE-2025-65294 affects Aqara Hub devices: Camera Hub G3 (version 4.1.9_0027), Hub M2 (4.3.6_0027), and Hub M3 (4.3.6_0025). Connected documents describe an undocumented remote access mechanism that enables unrestricted remote command execution, i.e., attacker-controlled commands...

9.8CVSS7AI score0.00858EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2025/12/10 12:0 a.m.30 views

CVE-2025-65296

CVE-2025-65296 affects Aqara Hub M2 (version 4.3.6_0027), Aqara Hub M3 (4.3.6_0025), and Aqara Camera Hub G3 (4.1.9_0027). The issue is a NULL-pointer dereference in the JSON processing component, which enables denial-of-service attacks via malformed JSON inputs. Public details consistently descr...

6.5CVSS6.7AI score0.00263EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/12/10 12:0 a.m.23 views

CVE-2025-65296

NULL-pointer dereference vulnerabilities in Aqara Hub M2 4.3.60027, Hub M3 4.3.60025, and Camera Hub G3 4.1.90027 in the JSON processing enable denial-of-service attacks through malformed JSON inputs...

0.00263EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.8 views

TencentOS Server 2: apache-commons-beanutils (TSSA-2025:0654)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0654 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

8.8CVSS7AI score0.01548EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2025/11/19 4:23 p.m.12 views

Mac users warned about new DigitStealer information stealer

A new infostealer called DigitStealer is going after Mac users. It avoids detection, skips older devices, and steals files, passwords, and browser data. We break down what it does and how to protect your Mac. Researchers have described a new malware called DigitStealer that steals sensitive...

7.2AI score
Exploits0
EUVD
EUVD
added 2025/10/28 11:48 a.m.4 views

EUVD-2025-36491

In the Linux kernel, the following vulnerability has been resolved: fbdev: simplefb: Fix use after free in simplefbdetachgenpds The pmdomain cleanup can not be devres managed as it uses struct simplefbpar which is allocated within struct fbinfo by framebufferalloc. This allocation is explicitly...

5.9AI score0.00194EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.7 views

PT-2025-44105

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.16.3 Description The Linux kernel contains a use-after-free flaw within the simplefb driver, specifically in the simplefb detach genpds function. This issue arises because the pm domain cleanup is not properly...

7.7CVSS5.8AI score0.00194EPSS
Exploits0
IBM Security Bulletins
IBM Security Bulletins
added 2025/10/07 4:47 p.m.6 views

Security Bulletin: Improper Access Control vulnerability in Apache Commons may affect IBM Business Automation Workflow - CVE-2025-48734

Summary IBM Business Automation Workflow packages a copy of Apache commons-beanutils. CVE-2025-48734 has been reported for this library. Vulnerability Details CVEID:CVE-2025-48734 DESCRIPTION: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in...

8.8CVSS7AI score0.01548EPSS
Exploits1Affected Software2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-3006

Malware in sbrugna...

9.8CVSS9.5AI score0.03905EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-14946

Malware in sbrugna...

6.1CVSS6.3AI score0.00347EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2007-5151

Malware in sbrugna...

5CVSS6.3AI score0.01483EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2014-9376

Malware in sbrugna...

4.3CVSS6.4AI score0.00931EPSS
Exploits1References4
Rows per page
Query Builder