92 matches found
CVE-2021-27942
Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs allow a threat actor to execute arbitrary code from a USB drive via the Smart Cast functionality, because files on the USB drive are effectively under the web root and can be executed...
CVE-2021-27943
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and mobile application is vulnerable to a brute-force attack against only 10000 possibilities, allowing a threat actor to forcefully pair the device, leading to remote control of the TV settings and...
CVE-2022-23727
There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting environments, local attacker is able to perform specific operation to exploit this vulnerability. Exploitation may cause the attacker to obtain a higher privilege...
EUVD-2021-14660
Malware in sbrugna...
EUVD-2015-5675
Malware in sbrugna...
EUVD-2024-35354
Malicious code in bioql PyPI...
EUVD-2022-28663
Malicious code in bioql PyPI...
Malicious code in tangerine-tvs-project (npm)
The package tangerine-tvs-project was found to contain malicious code...
MAL-2025-34453 Malicious code in tangerine-tvs-project (npm)
The package tangerine-tvs-project was found to contain malicious code...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
CVE-2024-33308
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to escalate privileges via the Emergency Contact Feature. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...
CVE-2024-33309
An issue in TVS Motor Company Limited TVS Connet Android v.4.5.1 and iOS v.5.0.0 allows a remote attacker to obtain sensitive information via an insecure API endpoint. NOTE: this is disputed as discussed in the msn-official/CVE-Evidence repository...
Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of...
A week in security (October 7 – October 13)
Last week on Malwarebytes Labs: Modern TVs have "unprecedented capabilities for surveillance and manipulation," group reveals Internet Archive suffers data breach and DDoS Google Search user interface: A/B testing shows security concerns remain AI girlfriend site breached, user fantasies stolen...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
CVE-2024-35537
CVE-2024-35537 affects TVS Motor Company Limited TVS Connect on Android v4.6.0 and iOS v5.0.0. The root cause is insecure handling of the RSA key pair, which could allow an attacker to decrypt and access sensitive information. Publicly available documents consistently describe the issue as improp...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
CVE-2024-35537
TVS Motor Company Limited TVS Connect Android v4.6.0 and IOS v5.0.0 was discovered to insecurely handle the RSA key pair, allowing attackers to possibly access sensitive information via decryption...
TVS Motor TVS Connect Security Breach
TVS Motor TVS Connect is an application for TVS motorcycle owners from TVS Motor India. A security vulnerability exists in TVS Motor TVS Connect v4.6.0, IOS v5.0.0, which originates from insecure handling of RSA key pairs. An attacker could exploit the vulnerability to access sensitive informatio...