5 matches found
CVE-2025-61081
In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Break EPB and Supplemental Restoration System SRS related ECUs...
CVE-2025-61081
DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
EUVD-2025-209899
In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Break EPB and Supplemental Restoration System SRS related ECUs...
CVE-2025-68932
FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators mtrand and uniqid to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leading to...
Authentication flaw
Barracuda Web Application Firewall WAF 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string...