35 matches found

OSV
added 5 days ago | 4 views

MAL-2026-5154 Malicious code in @customer-threesixty/assets (npm)

Dependency confusion attack campaign targeting Scandinavian telecommunications and digital services organizations Telenor, Ownit, Vimla, and Customer 360 / C360. Four packages published by the debating0166 npm account use inflated version numbers 99.0.x to win npm registry resolution over private...

5.8 AI score
Exploits: 0

IBM Security Bulletins
added 2025/12/17 12:12 p.m. | 7 views

Security Bulletin: Multiple Vulnerabilities in Java affecting IBM Knowledge Catalog and IBM Match 360 On Cloud Pak for Data

Summary: Lineage, an internal component of IBM Knowledge Catalog, and the IBM Match 360 component within IBM Cloud Pak for Data are impacted by vulnerabilities in Java. These vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-53057. DESCRIPTION: An unspecified vulnerability i...

7.5 CVSS | 6.5 AI score | 0.00068 EPSS
Exploits: 0 | Affected Software: 1

CVE
added 2025/12/11 1:25 a.m. | 8 views

CVE-2025-67720

CVE-2025-67720 affects Pyrofork, an asynchronous MTProto API framework for Python. The vulnerability occurs in the download_media path when a user-supplied Telegram filename is used to construct the target path without adequate sanitization. Versions 2.3.68 and earlier may fall back to the media’...

6.5 CVSS | 6.2 AI score | 0.00048 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/13 8:23 p.m. | 4 views

CVE-2025-11644

A weakness has been identified in Tomofun Furbo 360 and Furbo Mini. Affected by this issue is some unknown functionality of the component UART Interface. Executing manipulation can lead to insecure storage of sensitive information. The physical device can be targeted for the attack. This attack i...

4.2 CVSS | 3.8 AI score | 0.00027 EPSS
Exploits: 1 | References: 1

NVD
added 2025/10/12 10:15 p.m. | 2 views

CVE-2025-11647

A flaw has been found in Tomofun Furbo 360 and Furbo Mini. This issue affects some unknown processing of the component GATT Service. This manipulation of the argument DeviceToken causes information disclosure. The attack is only possible within the local network. A high degree of complexity is...

6.8 CVSS | 0.00048 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2025/10/12 7:32 p.m. | 2 views

CVE-2025-11643 Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. Affected by this vulnerability is an unknown functionality of the file /squashfs-root/furboimg of the component MQTT Client Certificate. Performing manipulation results in hard-coded credentials. The attack may be initiated...

6.3 CVSS | 6 AI score | 0.00056 EPSS
Exploits: 0 | References: 3

EUVD
added 2025/10/12 3:30 p.m. | 2 views

EUVD-2025-33897

A security flaw has been discovered in Tomofun Furbo 360 and Furbo Mini. This affects an unknown part of the component UART Interface. The manipulation results in information disclosure. An attack on the physical device is feasible. The firmware versions determined to be affected are Furbo 360 up...

2.4 CVSS | 3.2 AI score | 0.00015 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/12 12:00 a.m. | 3 views

PT-2025-41729

Name of the Vulnerable Software and Affected Versions: Tomofun Furbo 360 versions prior to FB0035 FW 036; Tomofun Furbo Mini versions prior to MC0020 FW 074. Description: An issue exists in the Trial Restriction Handler component of Tomofun Furbo 360 and Furbo Mini that results in improper access...

3.9 CVSS | 4.2 AI score | 0.00015 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2025/09/25 2:53 a.m. | 2 views

CVE-2025-55069

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...

8.7 CVSS | 6.9 AI score | 0.00048 EPSS
Exploits: 0 | References: 1

NVD
added 2025/09/23 11:15 p.m. | 1 view

CVE-2025-58473

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions of the Click...

8.2 CVSS | 0.00087 EPSS
Exploits: 0 | References: 2

NVD
added 2025/09/23 11:15 p.m. | 1 view

CVE-2025-57882

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC...

8.2 CVSS | 0.00087 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/23 10:27 p.m. | 1 view

CVE-2025-57882 AutomationDirect CLICK PLUS Improper Resource Shutdown or Release

An improper resource shutdown or release vulnerability has been identified in the Click Plus C2-03CPU-2 device running firmware version 3.60. The vulnerability allows an unauthenticated attacker to perform a denial-of-service attack by exhausting all available device sessions in the Remote PLC...

8.2 CVSS | 6.7 AI score | 0.00087 EPSS
Exploits: 0 | References: 2

CVE
added 2025/09/23 10:15 p.m. | 9 views

CVE-2025-55069

The affected product is AutomationDirect CLICK PLUS with firmware version 3.60 (Click Plus PLC). A root cause is a predictable seed in the pseudo-random number generator, which compromises the security of generated private keys. Practical impact is potential exposure or manipulation of cryptograp...

8.7 CVSS | 6.6 AI score | 0.00048 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/09/23 10:15 p.m. | 4 views

CVE-2025-55069 AutomationDirect CLICK PLUS Predictable Seed in Pseudo-Random Number Generator

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software implements a predictable seed for its pseudo-random number generator, which compromises the security of the...

8.7 CVSS | 0.00048 EPSS
Exploits: 0 | References: 2

Cvelist
added 2025/09/23 10:08 p.m. | 4 views

CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

8.7 CVSS | 0.00017 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/23 10:08 p.m. | 1 view

CVE-2025-59484 AutomationDirect CLICK PLUS Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm was discovered in firmware version 3.60 of the Click Plus PLC. The vulnerability relies on the fact that the software uses an insecure implementation of the RSA encryption algorithm...

8.7 CVSS | 6.6 AI score | 0.00017 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/09/23 12:00 a.m. | 2 views

PT-2025-39227

Name of the Vulnerable Software and Affected Versions: Click Plus C2-03CPU-2 version 3.60. Description: An improper resource shutdown or release issue exists in the Click Plus C2-03CPU-2 device. An unauthenticated attacker can cause a denial-of-service by exhausting all available device sessions...

8.2 CVSS | 6.7 AI score | 0.00087 EPSS
Exploits: 0 | References: 7

Positive Technologies
added 2025/09/23 12:00 a.m. | 2 views

PT-2025-39221

Name of the Vulnerable Software and Affected Versions: Click Programming Software version v3.60. Description: A security issue allows a local user, while an administrator session is active, to steal credentials stored in clear text. The issue involves the cleartext storage of sensitive information a...

4.2 CVSS | 5.7 AI score | 0.00007 EPSS
Exploits: 0 | References: 6

Positive Technologies
added 2025/09/23 12:00 a.m. | 2 views

PT-2025-39222

Name of the Vulnerable Software and Affected Versions: Click Plus PLC firmware version 3.60. Description: A flaw exists in the pseudo-random number generator due to a predictable seed. This compromises the security of generated private keys. Recommendations: Update to a newer firmware version that...

8.7 CVSS | 6.4 AI score | 0.00048 EPSS
Exploits: 0 | References: 7

CNNVD
added 2025/09/23 12:00 a.m. | 1 view

AutomationDirect CLICK PLUS Security Vulnerability

AutomationDirect CLICK PLUS is a small programmable logic controller from AutomationDirect, Inc. A security vulnerability exists in AutomationDirect CLICK PLUS version 3.60 that originates from improper resource shutdown or release and could lead to a denial of service attack...

8.2 CVSS | 6.4 AI score | 0.00087 EPSS
Exploits: 0 | References: 2