40 matches found
CVE-2018-25126 TVT NVMS-9000 Hard-coded API Credentials & Command Injection
Shenzhen TVT Digital Technology Co., Ltd. NVMS-9000 firmware used by many white-labeled DVR/NVR/IPC products contains hardcoded API credentials and an OS command injection flaw in its configuration services. The web/API interface accepts HTTP/XML requests authenticated with a fixed vendor...
EUVD-2017-2438
Malware in sbrugna...
EUVD-2015-4306
Malware in sbrugna...
EUVD-2018-7053
Malware in sbrugna...
EUVD-2025-12371
Malicious code in bioql PyPI...
📄 Off 2.15 Unauthenticated Remote System Control
Off version 2.15 exposes a TCP service on 1984 port that allows unauthenticated attackers to issue remote system control commands such as Shutdown, Restart, Lock, Sleep, and Hibernate. Exploit Title: Off 2.15 - Unauthenticated Remote System Control Date: 25/06/25 Exploit Author: Chokri Hammedi...
CVE-2024-40087
Vilo 5 Mesh WiFi System = 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
CVE-2025-29660
A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...
PT-2025-17441 · Yi · Yi Iot Xy-3820
Name of the Vulnerable Software and Affected Versions: Yi IOT XY-3820 version 6.0.24.10 Description: A vulnerability exists in the daemon process of the Yi IOT XY-3820, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary...
CVE-2025-29660
The CVE-2025-29660 vulnerability affects Yi IOT XY-3820, firmware v6.0.24.10, in the daemon that listens on TCP port 6789. The issue stems from improper input validation, allowing directory traversal via crafted TCP requests, which permits remote unauthenticated execution of arbitrary scripts on ...
CVE-2024-40087
Vilo 5 Mesh WiFi System = 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router...
CVE-2024-40087
Vilo 5 Mesh WiFi System = 5.16.1.33 is vulnerable to Insecure Permissions. Lack of authentication in the custom TCP service on port 5432 allows remote, unauthenticated attackers to gain administrative access over the router...
Ray Sharp DVR Password Retriever
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ray Sharp DVR Password Retriever', 'Description' = %q This module takes advantage of a protocol design issue with the Ray Sharp based DVR systems...
CVE-2022-40187
Foresight GC3 Launch Monitor 1.3.15.68 ships with a Target Communication Framework TCF service enabled. This service listens on a TCP port on all interfaces and allows for process debugging, file system modification, and terminal access as the root user. In conjunction with a hosted wireless acce...
Insecure Access Control
istio is vulnerable to insecure access control due to incorrect translation of DENY policy for TCP service...
istio: incorrect translation of DENY policy for TCP service
An insecure access control vulnerability was found in Istio. If an authorization policy is created for a TCP service that includes a DENY rule with a prefix wildcard, Istio translates this into an Envoy string match, incorrectly removing the wildcard. This flaw allows an attacker to subvert...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 1.1 security update
An update for servicemesh is now available for OpenShift Service Mesh 1.1. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...