EUVD-2025-28827

Malicious code in bioql PyPI...

CVE-2025-9225

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

CVE-2025-9225 Cross-site scripting (XSS) in MiR robots and MiR fleet

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

CVE-2025-9225

CVE-2025-9225 affects MiR software prior to 3.0.0 in MiR Robots and MiR Fleet. The issue is a stored cross-site scripting (XSS) in the web interface, enabling execution of arbitrary JavaScript in a victim’s browser. Root cause details are not elaborated beyond the XSS attribution in multiple sour...

CVE-2025-9225 Cross-site scripting (XSS) in MiR robots and MiR fleet

Stored cross-site scripting XSS in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser...

CVE-2025-8749 Path traversal vulnerability in MiR robot software via API requests

Path Traversal vulnerability in API Endpoint in Mobile Industrial Robots MiR Software Versions prior to 3.0.0 on MiR Robots allows authenticated users to extract files from the robot file system via a crafted API request...

CVE-2025-8748 OS command injection in MiR robots and MiR fleet via crafted HTTP requests

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system...

CVE-2025-8748 OS command injection in MiR robots and MiR fleet via crafted HTTP requests

MiR software versions prior to version 3.0.0 are affected by a command injection vulnerability. A malicious HTTP request crafted by an authenticated user could allow the execution of arbitrary commands on the underlying operating system...

CVE-2020-10279 RVD#2569: Insecure operating system defaults in MiR robots

MiR robot controllers central computation unit makes use of Ubuntu 16.04.2 an operating system, Thought for desktop uses, this operating system presents insecure defaults for robots. These insecurities include a way for users to escalate their access beyond what they were granted via file creatio...

CVE-2020-10271

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...

CVE-2020-10270

Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users omitted and passwords omitted. This...

CVE-2020-10271

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...

CVE-2020-10272

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...

Command injection

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...

Deserialization of untrusted data

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...

CVE-2020-10271 RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...

CVE-2020-10271

MiR robots (MiR100, MiR200, MiR250, MiR500, MiR1000, and MiR Fleet prior to versions stated in advisories) expose the ROS computation graph over internal networks due to default ROS packages and authentication gaps. CVE-2020-10271 is described as the Exposure of Resource to Wrong Sphere: the comp...

CVE-2020-10272 RVD#2554: MiR ROS computational graph presents no authentication mechanisms

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...