
60 matches found

Packet Storm News
added 2026/01/01 12:0 a.m. | 6 views

Cracking IoT Security: Can LLMs Outsmart Static Analysis Tools?

Smart home IoT platforms such as openHAB rely on Trigger-Action-Condition (TAC) rules to automate device behavior, but the interplay among these rules can give rise to interaction threats: unintended or unsafe behaviors emerging from implicit dependencies, conflicting triggers, or overlapping...

AI score: 7.2
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-26459

Malware in sbrugna...

CVSS: 9.3 | AI score: 8.6 | EPSS: 0.00696
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-2625

Malicious code in bioql PyPI...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.01555
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 7:53 a.m. | 3 views

CVE-2024-42468

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.01555
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 9:31 p.m. | 6 views

CVE-2021-21266

openHAB is a vendor and technology agnostic open source automation software for your home. In openHAB before versions 2.5.12 and 3.0.1, an XML external entity (XXE) attack allows attackers in the same network as the openHAB instance to retrieve internal information like the content of files from th...

CVSS: 6.4 | AI score: 7 | EPSS: 0.00361
Exploits: 0 | References: 1

vulnersOsv
added 2025/05/13 6:30 p.m. | 2 views

@dfeidao/fd-w000005 (>=4.6.201905201058 <=4.6.201907081013), @dfeidao/widgets (>=4.5.201903181201 <=4.6.201905131523) +16 more potentially affected by CVE-2025-47204 via bootstrap-multiselect (>=0.9.13-1 <=1.1.2)

bootstrap-multiselect NPM version =0.9.13-1, =4.6.201905201058, =4.5.201903181201, =1.0.0, =3.0.201812052008, =1.0.0, =2.0.0, =0.1.0, =0.0.3, =1.0.7-1, =1.1.4, =1.2.1, =1.2.2, =0.0.2, =1.0.0 and more Source cves: CVE-2025-47204 Source advisory: OSV:GHSA-GV5R-9GXR-V74W...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.01436
Exploits: 0

RedhatCVE
added 2025/02/05 3:41 p.m. | 5 views

CVE-2020-5242

openHAB before 2.5.2 allows a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user running openHAB. Starting with version 2.5.2 all commands need to be whitelisted in a local file...

CVSS: 9.3 | AI score: 7.6 | EPSS: 0.00696
Exploits: 0

RedhatCVE
added 2025/02/05 2:33 a.m. | 5 views

CVE-2024-42467

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forger...

CVSS: 10 | AI score: 6.8 | EPSS: 0.01768
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 2:30 a.m. | 7 views

CVE-2024-42469

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal...

CVSS: 9.8 | AI score: 7.9 | EPSS: 0.13819
Exploits: 0 | References: 1

Tenable Nessus
added 2024/08/13 12:0 a.m. | 5 views

FreeBSD : OpenHAB CometVisu addon -- Multiple vulnerabilities (587ed8ac-5957-11ef-854a-001e676bf734)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the 587ed8ac-5957-11ef-854a-001e676bf734 advisory. OpenHAB reports: This patch release addresses the following security advisories: All of these are relat...

AI score: 5.7
Exploits: 0 | References: 6

NVD
added 2024/08/12 1:38 p.m. | 11 views

CVE-2024-42470

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Several endpoints in versions prior to 4.2.1 of the CometVisu add-on of openHAB don't require authentication. This makes it possible for unauthenticated attackers to modify or to...

CVSS: 9.1 | EPSS: 0.00588
Exploits: 0 | References: 2

NVD
added 2024/08/12 1:38 p.m. | 21 views

CVE-2024-42469

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, CometVisu's file system endpoints don't require authentication and additionally the endpoint to update an existing file is susceptible to path traversal...

CVSS: 9.8 | EPSS: 0.13819
Exploits: 0 | References: 2

NVD
added 2024/08/12 1:38 p.m. | 8 views

CVE-2024-42468

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. CometVisuServlet in versions prior to 4.2.1 is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the...

CVSS: 7.5 | EPSS: 0.01555
Exploits: 0 | References: 3

NVD
added 2024/08/12 1:38 p.m. | 17 views

CVE-2024-42467

openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forger...

CVSS: 10 | EPSS: 0.01768
Exploits: 0 | References: 3

CNNVD
added 2024/08/12 12:0 a.m. | 2 views

openHAB security vulnerability

openHAB is an open source home automation application from openHAB. A security vulnerability exists in versions of openHAB prior to 4.2.1 that stems from the vulnerability of the endpoint used by the CometVisu component to update existing files to path traversal, allowing an attacker to overwrite...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.13819
Exploits: 0 | References: 3

CNNVD
added 2024/08/12 12:0 a.m. | 2 views

openHAB security vulnerability

openHAB is an open source home automation application from openHAB. A security vulnerability exists in openHAB versions prior to 4.2.1 that stems from multiple endpoints that do not require authentication. An attacker can exploit the vulnerability to obtain sensitive information...

CVSS: 9.1 | AI score: 6.4 | EPSS: 0.00588
Exploits: 0 | References: 3

CNNVD
added 2024/08/12 12:0 a.m. | 2 views

openHAB security vulnerability

openHAB is an open source home automation application from openHAB. A security vulnerability exists in versions prior to openHAB 4.2.1 that stems from a proxy endpoint that allows access to add-ons without authentication, which can be used as a server request forgery to induce GET HTTP requests t...

CVSS: 10 | AI score: 5.9 | EPSS: 0.01768
Exploits: 0 | References: 4

CNNVD
added 2024/08/12 12:0 a.m. | 1 views

openHAB security vulnerability

openHAB is an open source home automation application from openHAB. A security vulnerability exists in openHAB versions prior to 4.2.1, which stems from the vulnerability of the CometVisu component to an unauthenticated path traversal attack, where an HTTP GET on the component can request a local...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.01555
Exploits: 0 | References: 4

OSV
added 2024/08/09 6:24 p.m. | 8 views

GHSA-PCWP-26PW-J98W CometVisu Backend for openHAB has a path traversal vulnerability

openHAB's CometVisuServlet is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This vulnerability was discovered with the help of CodeQL's Uncontrolled data used in path expression query. Impact This...

CVSS: 6.9 | AI score: 6.3 | EPSS: 0.01555
Exploits: 0 | References: 5

Github Security Blog
added 2024/08/09 6:24 p.m. | 11 views

CometVisu Backend for openHAB has a path traversal vulnerability

openHAB's CometVisuServlet is susceptible to an unauthenticated path traversal vulnerability. Local files on the server can be requested via HTTP GET on the CometVisuServlet. This vulnerability was discovered with the help of CodeQL's Uncontrolled data used in path expression query. Impact This...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01555
Exploits: 0 | References: 5 | Affected Software: 1