Lucene search
K

19 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-25604

Malicious code in bioql PyPI...

6.3CVSS6.6AI score0.00215EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-25606

Malicious code in bioql PyPI...

5.3CVSS6.6AI score0.00307EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/08/24 12:13 a.m.7 views

CVE-2025-55625

An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same...

6.3CVSS6.6AI score0.00215EPSS
Exploits1References1
NVD
NVD
added 2025/08/22 5:15 p.m.7 views

CVE-2025-55624

An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components...

5.3CVSS0.00307EPSS
Exploits1References1
NVD
NVD
added 2025/08/22 5:15 p.m.6 views

CVE-2025-55622

Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...

6.5CVSS0.00315EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.7 views

PT-2025-34454 · Reolink · Reolink

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An issue exists in the lock screen component that allows attackers to bypass authentication using an Android Debug Bridge ADB. ADB is a versatile command-line tool that facilitates communication...

5.4CVSS7.2AI score0.00292EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.10 views

CVE-2025-55622

Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...

0.00315EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.7 views

PT-2025-34455 · Reolink · Reolink

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An intent redirection issue in Reolink allows unauthorized attackers to access internal functions or non-public components. Recommendations: At the moment, there is no information about a newer...

5.3CVSS6.9AI score0.00307EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/22 12:0 a.m.9 views

CVE-2025-55625

An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same...

0.00215EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.4 views

CVE-2025-55622

Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...

6.7AI score0.00315EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/08/22 12:0 a.m.4 views

CVE-2025-55621

An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...

6.2AI score0.00222EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.13 views

PT-2025-34450 · Reolink · Reolink

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The Reolink application contains a hardcoded encryption key and initialization vector. This allows an attacker to decrypt access tokens and web session tokens through reverse engineering...

9.8CVSS6.9AI score0.00377EPSS
Exploits1References10
CVE
CVE
added 2025/08/22 12:0 a.m.22 views

CVE-2025-55621

The CVE-2025-55621 entry describes an insecure direct object reference (IDOR) in Reolink app version 4.54.0.4.20250526, where an attacker could access and download other users’ profile photos via a crafted URL. This is supported by multiple connected records noting the same vulnerability and the ...

6.5CVSS6.2AI score0.00222EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2025/08/22 12:0 a.m.32 views

CVE-2025-55624

CVE-2025-55624 affects Reolink for Android/iOS (Reolink app version 4.54.0.4.20250526). The root cause is an intent redirection vulnerability that allows unauthorized attackers to access internal functions or non-public components. Public references indicate a PoC exists, and the issue is categor...

5.3CVSS6.5AI score0.00307EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/08/22 12:0 a.m.6 views

PT-2025-34453

Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The software contains a task hijacking issue due to inappropriate taskAffinity settings. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

6.5CVSS6.1AI score0.00315EPSS
Exploits1References7
CVE
CVE
added 2025/08/22 12:0 a.m.24 views

CVE-2025-55622

CVE-2025-55622 affects Reolink v4.54.0.4.20250526 and is caused by inappropriate taskAffinity settings that enable task hijacking. This root cause is repeatedly stated across sources (NVD, Red Hat, CVE lists) with no consistent remediation information; some entries note no details about a fix. Te...

6.5CVSS6.7AI score0.00315EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/01/28 9:42 p.m.6 views

CVE-2021-44417

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS7.7AI score0.01207EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/01/28 9:42 p.m.6 views

CVE-2021-44415

A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...

8.6CVSS7.7AI score0.01207EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/01/28 12:0 a.m.20 views

PT-2022-12079 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetIrLights...

8.6CVSS7.9AI score0.01145EPSS
Exploits1References3
Rows per page
Query Builder