21 matches found
CVE-2026-7251
Eppendorf BioFlo 320 is vulnerable due to VNC server using a hard-coded password. If a remote attacker knows the network address of any BioFlo 320 model with remote access enabled, they can gain full control of the user interface by using this password. Once connected, the attacker would have ful...
CVE-2021-27943
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack against only 10000 possibilities, allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and...
CVE-2022-35582
Penta Security Systems Inc WAPPLES 4.0., 5.0.0., 5.0.12. are vulnerable to Incorrect Access Control. The operating system that WAPPLES runs on has a built-in non-privileged user penta with a predefined password. The password for this user, as well as its existence, is not disclosed in the...
ABB FLXeon Controllers
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to take remote control of the product, insert and run arbitrary code, and crash the device being accessed. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of...
EUVD-2019-15207
Malware in sbrugna...
EUVD-2021-22967
Malware in sbrugna...
EUVD-2018-10623
Malware in sbrugna...
EUVD-2024-46811
Malicious code in bioql PyPI...
EUVD-2023-58060
Malicious code in bioql PyPI...
CVE-2020-16167
Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. Answering the call this way grants motor control of the temi in addition to audio/video via unspecified...
CVE-2020-29000
An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. An...
Malicious code in react-fatigue-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8fcb64ab16a7b12d7342e39dae03aeb4556ed831e407c63d3ea67ede1b88aa2b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Important: Red Hat Security Advisory: unbound security update
An update for unbound is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...
PT-2023-24244 · WordPress · Cms Commander
Name of the Vulnerable Software and Affected Versions: CMS Commander plugin for WordPress versions up to, and including, 2.287 Description: The issue is related to an authorization bypass vulnerability due to the use of an insufficiently unique cryptographic signature on the cmsc add site functio...
CVE-2023-2987 Wordapp <= 1.6.0 - Authorization Bypass through Use of Insufficiently Unique Cryptographic Signature
The Wordapp plugin for WordPress is vulnerable to authorization bypass due to the use of an insufficiently unique cryptographic signature on the 'wapdxopconfigset' function in versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to the plugin to change the...
Weidmueller Industrial WLAN devices OS Command Injection Vulnerability
Weidmueller Industrial WLAN devices are industrial WLAN devices from Weidmueller, Germany. The Weidmueller Industrial WLAN devices suffer from an operating system command injection vulnerability that can be exploited by an attacker via a specially crafted diagnostic script filename to cause user input ...
360 Secure Cloud Drive Windows Interface Version Has a dll Hijacking Vulnerability
360 Secure Cloud Disk is a product that provides cloud storage and file sharing services for a wide range of real-name personal and business users. The Windows interface version of 360 Secure Cloud Disk has a DLL hijacking vulnerability; attackers can use the vulnerability to cause the user's computer ...
Android Trojan GingerMaster Uses Gingerbread Root Exploit
As our smartphones become more ubiquitous and more powerful, they need to be protected in much the same way that you would protect your computer. Further to this, a malicious piece of malware has been discovered for devices powered by...
Dell TrueMobile 2300 - Remote Credential Reset
source: https://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 3.0.0.8 and 5.1.1.6. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through t...
Half Life clanmod format string bug
Format string bug in cmlog command requires rcon access...