
17 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2000-0426

Malware in sbrugna...

4.6 CVSS | 6.4 AI score | 0.0073 EPSS
Exploits 0 | References 4
RedhatCVE
added 2025/06/25 2:59 p.m. | 2 views

CVE-2025-2171

Aviatrix Controller versions prior to 7.1.4208, 7.2.5090, and 8.0.0 do not enforce rate limiting on password reset attempts, allowing adversaries to brute force guess the 6-digit password reset PIN...

8.8 CVSS | 7.3 AI score | 0.00323 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/02/14 2:43 p.m. | 2 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8 CVSS | 7.1 AI score | 0.01293 EPSS
Exploits 0 | References 1
NVD
added 2025/02/12 2:15 p.m. | 6 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8 CVSS | 0.01293 EPSS
Exploits 0 | References 1
OSV
added 2025/02/12 2:15 p.m. | 0 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8 CVSS | 5.8 AI score | 0.01293 EPSS
Exploits 0 | References 1
Cvelist
added 2025/02/12 1:28 p.m. | 5 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8 CVSS | 0.01293 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/02/12 1:28 p.m. | 4 views

CVE-2025-26359

A CWE-306 "Missing Authentication for Critical Function" in maxprofile/accounts/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests...

9.8 CVSS | 9.6 AI score | 0.01293 EPSS
Exploits 0 | References 1
CVE
added 2025/02/12 1:28 p.m. | 59 views

CVE-2025-26359

The CVE-2025-26359 issue affects Q-Free MaxTime (MaxTime) up to version 2.11.0, specifically in maxprofile/accounts/routes.lua, where a Missing Authentication for Critical Function (CWE-306) allows an unauthenticated remote attacker to reset user PINs via crafted HTTP requests. Evidence from mult...

9.8 CVSS | 9.6 AI score | 0.01293 EPSS
Exploits 0 | References 1 | Affected Software 1
CNNVD
added 2025/02/12 12:0 a.m. | 1 views

Q-Free MAXTIME Suite access control error vulnerability

Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. An access control error vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions, which stems from a lack of authentication for critical functions in maxprofile/accounts/routes.lua. An...

9.8 CVSS | 6.6 AI score | 0.01293 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/02/12 12:0 a.m. | 2 views

PT-2025-7148 · Q Free · Q-Free Maxtime

Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier
Description: The issue is related to a missing authentication for a critical function in the maxprofile/accounts/routes.lua file. This allows an unauthenticated remote attacker to reset user PINs via...

9.8 CVSS | 7.2 AI score | 0.01293 EPSS
Exploits 0 | References 5
CNNVD
added 2025/01/23 12:0 a.m. | 1 views

ECOVACS robot lawnmowers security vulnerability

ECOVACS robot lawnmowers is a series of lawnmowers from the Chinese company ECOVACS. A security vulnerability exists in ECOVACS robot lawnmowers that originates from storing the anti-theft PIN in plaintext in the device file system. An attacker could steal the lawnmower, read the PIN, and reset t...

4.8 CVSS | 6.6 AI score | 0.0003 EPSS
Exploits 1 | References 2
Citrix
added 2019/02/20 12:0 a.m. | 6 views

How to reset Secure Hub PIN?

This article explains how a user can reset the Secure Hub PIN if forgotten...

7.1 AI score
Exploits 0
OSV
added 2017/07/17 2:29 p.m. | 1 views

CVE-2017-8006

In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a malicious user logged into the Self-Service Console of RSA Authentication Manager as a target user can use a brute force attack to attempt to identify that user's PIN. The malicious user could potentially reset the compromised PIN t...

5.9 CVSS | 5.8 AI score
Exploits 0 | References 3
Krebs on Security
added 2017/05/18 8:23 p.m. | 40 views

Fraudsters Exploited Lax Security at Equifax’s TALX Payroll Division

Identity thieves who specialize in tax refund fraud had big help this past tax year from Equifax, one of the nation's largest consumer data brokers and credit bureaus. The trouble stems from TALX, an Equifax subsidiary that provides online payroll, HR and tax services. Equifax says crooks were ab...

7.1 AI score
Exploits 0
Citrix
added 2017/01/16 12:0 a.m. | 5 views

Unable to Reset Citrix PIN without re-enrolling with Certificate Based Authentication enabled

Question: With Certificate Based Authentication configured as the only authentication method on the NetScaler Gateway, when attempting to reset the Citrix PIN in Secure Hub, the user is required to re-enroll the device.
Answer: With Certificate Based Authentication as the only authentication...

7.3 AI score
Exploits 0
ThreatPost
added 2015/09/01 2:36 p.m. | 11 views

Encryption, Lock Mechanism Vulnerabilities Plague Lock App AppLock

Multiple weaknesses exist in AppLock, a popular lock application for Android devices that boasts more than 100 million users. A researcher is claiming that the app, which is supposed to securely store photos, videos and other apps, doesn’t really use encryption to do so, it simply hides the files...

7.5 AI score
Exploits 0 | References 2
ThreatPost
added 2015/03/23 1:19 p.m. | 33 views

Hilton Hotels Fix CSRF Vulnerability That Exposed All Accounts

A cross-site request forgery (CSRF) vulnerability in the website of hotel chain Hilton Worldwide could have inadvertently compromised much of its users’ personal information. Ironically the since-fixed issue stemmed from a promotion the chain was offering to users if they changed their passwords on...

4.3 CVSS | 8.5 AI score | 0.01067 EPSS
Exploits 5 | References 1