3053 matches found
EUVD-2025-32584
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
PT-2025-40946
Name of the Vulnerable Software and Affected Versions YoSmart YoLink MQTT broker versions through 2025-10-02 Description The YoLink MQTT broker does not adequately enforce authorization controls, which can lead to cross-account attacks. An attacker who obtains device IDs can remotely operate...
CVE-2025-59449
The YoSmart YoLink MQTT broker and ecosystem components through 2025-10-02 contain multiple concrete issues: (1) insufficient authorization controls allow cross-account attack if an attacker learns device IDs, potentially enabling remote control of other users’ devices; (2) YoLink device IDs are ...
CVE-2025-59449
The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...
RLSA-2025:10353 Moderate: socat security update
The socat utility establishes bi-directional byte streams and transfers data between them. The utility can establish streams between a large set of channels, such as files, pipes, devices, and sockets. Security Fixes: socat: arbitrary file overwrite via predictable /tmp directory CVE-2024-54661 F...
RLSA-2025:7437 Moderate: avahi security update
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other...
socat security update
An update is available for socat. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The socat utility establishes bi-directional byte streams and transfers data...
EUVD-2023-2447
Malicious code in bioql PyPI...
EUVD-2023-1452
Malicious code in bioql PyPI...
EUVD-2025-6691
Malicious code in bioql PyPI...
EUVD-2022-3297
Malicious code in bioql PyPI...
EUVD-2022-7360
Malicious code in bioql PyPI...
EUVD-2024-42303
Malicious code in bioql PyPI...
EUVD-2025-30936
Malicious code in bioql PyPI...
EUVD-2023-42378
Malicious code in bioql PyPI...
EUVD-2022-24727
Malicious code in bioql PyPI...
EUVD-2023-58566
Malicious code in bioql PyPI...
EUVD-2022-24904
Malicious code in bioql PyPI...