42 matches found
EUVD-2025-26401
Malicious code in bioql PyPI...
EUVD-2025-28444
Malicious code in bioql PyPI...
EUVD-2025-26400
Malicious code in bioql PyPI...
EUVD-2025-28445
Malicious code in bioql PyPI...
CVE-2025-52547
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52550
E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...
CVE-2025-52547
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52549
E3 Site Supervisor Control firmware version 2.31F01 generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52550
E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...
CVE-2025-52550
E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...
CVE-2025-52547
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
CVE-2025-52549
E3 Site Supervisor Control firmware version 2.31F01 generates the root linux password on each boot. An attacker can generate the root linux password for a vulnerable device based on known or easy to fetch parameters...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52545
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
CVE-2025-52543
E3 Site Supervisor Control firmware version 2.31F01 application services MGW and RCI uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash...
CVE-2025-52545
E3 Site Supervisor Control firmware version 2.31F01 RCI service contains an API call to read users info, which returns all usernames and password hashes for the application services...
CVE-2025-52543
E3 Site Supervisor Control firmware version 2.31F01 application services MGW and RCI uses client side hashing for authentication. An attacker can authenticate by obtaining only the password hash...
CVE-2025-52544
E3 Site Supervisor Control firmware version 2.31F01 has a floor plan feature that allows for an unauthenticated attacker to upload floor plan files. By uploading a specially crafted floor plan file, an attacker can access any file from the E3 file system...
CVE-2025-52550
CVE-2025-52550 concerns the E3 Site Supervisor Control firmware. Affected versions are those with firmware upgrades that are unsigned (prior to 2.31F01). This permits forging malicious firmware upgrade packages. An attacker with admin access to application services could install such a package, l...