EUVD-2025-205419

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered a vulnerability in Device Manager that a hardcoded encryption key for sensitive information. An attacker can use key to decrypt sensitive information. T...

EUVD-2025-205422

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the...

CVE-2025-52599 Inadequate account permissions management

Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has discovered Inadequate of permission management for camera guest account. The manufacturer has released patch firmware for the flaw, please refer to the...

PT-2025-53445

Name of the Vulnerable Software and Affected Versions Nozomi Networks affected versions not specified Description Inadequate permission management exists for the camera guest account. The issue affects Industrial Control Systems ICS and OT/IoT security. The manufacturer has released a patch...

PT-2025-53623

🚨 CVE-2025-52598 Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems ICS and OT/IoT security, has found a flaw that camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw, plea...

EUVD-2024-38912

Malicious code in bioql PyPI...

EUVD-2024-38911

Malicious code in bioql PyPI...

EUVD-2023-57383

Malicious code in bioql PyPI...

EUVD-2023-58371

Malicious code in bioql PyPI...

EUVD-2024-38910

Malicious code in bioql PyPI...

CVE-2020-35814

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30,...

CVE-2024-41885

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

CVE-2024-41886

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for...

CVE-2024-41883

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, plea...

CVE-2024-41882 Stack based buffer overflow

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer...

CVE-2024-41882

CVE-2024-41882 describes a remote code execution on an NVR due to a stack overflow triggered by oversized URL parameters. Affected component is the NVR firmware, with the root cause tied to input handling in URL parameters. The vulnerability can enable an attacker to reboot the device or potentia...

CVE-2024-41883

CVE-2024-41883 affects the NVR product identified in the initial report. The vulnerability enables remote code execution by sending a crafted value to a specific URL parameter, resulting in a NULL pointer dereference and a reboot of the NVR. A patch firmware has been released by the manufacturer,...

CVE-2024-41884 Null Pointer Dereference

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot. The manufacturer has released patch firmware for the flaw,...

CVE-2024-41885 Hardcoding sensitive information

Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds...

CVE-2024-41886

CVE-2024-41886 affects an NVR where an attacker could inject malformed data into URL input parameters to trigger remote code execution and reboot the device. The root cause is improper handling of URL input leading to RCE, with an impact on availability (reboot) and negligible confidentiality/ in...