EUVD-2025-210018

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

CVE-2025-59601

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

CVE-2025-59601 Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

CVE-2025-59601 Exposure of Sensitive Information Through Metadata in Powerline Communication Firmware

Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration...

CVE-2025-59601

CVE-2025-59601 concerns devices with a Powerline interface where resetting to factory default exposes device configuration. The vulnerability enables Information Disclosure via the reset path, with an Adjacent attack vector, Low attack complexity, and no privileges required, resulting in High Con...

PT-2026-45628

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An information disclosure occurs when resetting a device to factory default settings via the powerline interface, which allows unauthorized access to the device...

@grackle-ai/powerline Runs Without Authentication by Default

Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...

Missing Authentication for Critical Function

Overview @grackle-ai/powerline is a gRPC PowerLine server for Grackle AI agent integration Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the PowerLine gRPC server when when --token is not provided and GRACKLEPOWERLINETOKEN is not set. An...

GHSA-XQ7H-VWJP-5VRH @grackle-ai/powerline Runs Without Authentication by Default

Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...

CVE-2022-33265

Memory corruption due to information exposure in Powerline Communication Firmware while sending different MMEs from a single, unassociated device...

Devolo dLAN 500 AV Wireless+ 安全漏洞

Devolo dLAN 500 AV Wireless+ is a powerline communication adapter from Devolo, Germany. A security vulnerability exists in the Devolo dLAN 500 AV Wireless+ version 3.1.0-1 that stems from a lack of proper request validation and could lead to a cross-site request forgery attack...

EUVD-2019-7025

Malware in sbrugna...

EUVD-2025-23792

Malicious code in bioql PyPI...

EUVD-2025-23787

Malicious code in bioql PyPI...

EUVD-2022-7172

Malicious code in bioql PyPI...

EUVD-2022-36308

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-42906

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - powerline-gitstatus aka Powerline Gitstatus before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes...

CVE-2025-27071

Memory corruption while processing specific files in Powerline Communication Firmware...

CVE-2025-47324

Information disclosure while accessing and modifying the PIB file of a remote device via powerline...

CVE-2025-47324

Information disclosure while accessing and modifying the PIB file of a remote device via powerline...