19 matches found
EUVD-2025-25604
Malicious code in bioql PyPI...
EUVD-2025-25606
Malicious code in bioql PyPI...
CVE-2025-55625
An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same...
CVE-2025-55624
An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components...
CVE-2025-55622
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...
PT-2025-34454 · Reolink · Reolink
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An issue exists in the lock screen component that allows attackers to bypass authentication using an Android Debug Bridge ADB. ADB is a versatile command-line tool that facilitates communication...
CVE-2025-55622
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...
PT-2025-34455 · Reolink · Reolink
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: An intent redirection issue in Reolink allows unauthorized attackers to access internal functions or non-public components. Recommendations: At the moment, there is no information about a newer...
CVE-2025-55625
An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior that supports redirection to Alexa URLs, which are not guaranteed to remain at the same...
CVE-2025-55622
Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings. NOTE: this is disputed by the Supplier because it is intentional behavior to ensure a predictable user experience...
CVE-2025-55621
An Insecure Direct Object Reference IDOR vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social...
PT-2025-34450 · Reolink · Reolink
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The Reolink application contains a hardcoded encryption key and initialization vector. This allows an attacker to decrypt access tokens and web session tokens through reverse engineering...
CVE-2025-55621
The CVE-2025-55621 entry describes an insecure direct object reference (IDOR) in Reolink app version 4.54.0.4.20250526, where an attacker could access and download other users’ profile photos via a crafted URL. This is supported by multiple connected records noting the same vulnerability and the ...
CVE-2025-55624
CVE-2025-55624 affects Reolink for Android/iOS (Reolink app version 4.54.0.4.20250526). The root cause is an intent redirection vulnerability that allows unauthorized attackers to access internal functions or non-public components. Public references indicate a PoC exists, and the issue is categor...
PT-2025-34453
Name of the Vulnerable Software and Affected Versions: Reolink version 4.54.0.4.20250526 Description: The software contains a task hijacking issue due to inappropriate taskAffinity settings. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
CVE-2025-55622
CVE-2025-55622 affects Reolink v4.54.0.4.20250526 and is caused by inappropriate taskAffinity settings that enable task hijacking. This root cause is repeatedly stated across sources (NVD, Red Hat, CVE lists) with no consistent remediation information; some entries note no details about a fix. Te...
CVE-2021-44417
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. GetAlarm param is not object. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-44415
A denial of service vulnerability exists in the cgiserver.cgi JSON command parser functionality of reolink RLC-410W v3.0.0.13620121102. A specially-crafted HTTP request can lead to a reboot. ModifyUser param is not object. An attacker can send an HTTP request to trigger this vulnerability...
PT-2022-12079 · Reolink · Reolink Rlc-410W
Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetIrLights...