
220 matches found

OSV
added 2025/12/19 4:15 p.m. | 5 views

CVE-2025-34433

AVideo versions 14.3.1 prior to 20.1 contain an unauthenticated remote code execution vulnerability caused by predictable generation of an installation salt using PHP uniqid. The installation timestamp is exposed via a public endpoint, and a derived hash identifier is accessible through...

CVSS 9.3 | AI score 8.5
Exploits: 0 | References: 4
RedhatCVE
added 2025/12/18 8:37 p.m. | 5 views

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVSS 7.5 | AI score 6.6 | EPSS 0.00731
Exploits: 2 | References: 1
NVD
added 2025/12/17 8:15 p.m. | 5 views

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVSS 7.5 | EPSS 0.00731
Exploits: 2 | References: 4
OSV
added 2025/12/17 8:15 p.m. | 3 views

CVE-2025-34441

AVideo versions prior to 20.1 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVSS 7.5 | AI score 6.5
Exploits: 0 | References: 4
EUVD
added 2025/12/17 7:48 p.m. | 4 views

EUVD-2025-203938

AVideo versions prior to 20.0 expose sensitive user information through an unauthenticated public API endpoint. Responses include emails, usernames, administrative status, and last login times, enabling user enumeration and privacy violations...

CVSS 6.9 | AI score 6.2 | EPSS 0.00731
Exploits: 2 | References: 4
RedhatCVE
added 2025/12/17 7:00 p.m. | 8 views

CVE-2025-14553

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

CVSS 7 | AI score 6.6 | EPSS 0.00174
Exploits: 0 | References: 1
EUVD
added 2025/12/16 9:30 p.m. | 5 views

EUVD-2025-203829

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

CVSS 7 | AI score 6.2 | EPSS 0.00174
Exploits: 0 | References: 4
CVE
added 2025/12/16 6:38 p.m. | 24 views

CVE-2025-14553

Summary: CVE-2025-14553 concerns TP-Link Tapo mobile apps (iOS/Android) exposing password hashes via an unauthenticated API response, enabling attackers on the local network to brute-force credentials. Multiple connected sources confirm: affected product scope includes TP-Link Tapo cameras; impac...

CVSS 7 | AI score 6.2 | EPSS 0.00174
Exploits: 0 | References: 3
EUVD
added 2025/12/15 2:43 p.m. | 5 views

EUVD-2025-203380

The Convercent Whistleblowing Platform operated by EQS Group exposes an unauthenticated API endpoint at /GetLegalEntity that returns internal customer legal-entity names based on a supplied searchText fragment. A remote unauthenticated attacker can query the endpoint using common legal-suffix ter...

CVSS 6.9 | AI score 6.4 | EPSS 0.00126
Exploits: 0 | References: 7
Vulnrichment
added 2025/11/17 3:30 a.m. | 3 views

CVE-2025-13283 Chunghwa Telecom|TenderDocTransfer - Arbitrary File Copy and Paste

TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

CVSS 7.1 | AI score 6.5 | EPSS 0.00203
Exploits: 0 | References: 2
Cvelist
added 2025/11/12 12:00 a.m. | 6 views

CVE-2025-63667

Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication...

EPSS 0.00431
Exploits: 0 | References: 3
CVE
added 2025/10/30 11:30 p.m. | 62 views

CVE-2025-52665

Summary (CVE-2025-52665): UniFi Access Application versions 3.3.22–3.4.31 expose a misconfigured management API that lacks proper authentication, allowing potential unauthorized access by actors on the management network. The vulnerability was introduced in 3.3.22 and fixed in 4.0.21 and later. R...

CVSS 10 | AI score 6.4 | EPSS 0.40517
In wild | Exploits: 0 | References: 1 | Affected Software: 1
Tenable Nessus
added 2025/10/29 12:00 a.m. | 5 views

Aviatrix Controller Unrestricted Upload of File (CVE-2021-40870)

While the Aviatrix UI requires authentication, many API calls do not enforce a check for authentication. Some of these API calls allow an unauthenticated attacker to upload arbitrary files, including .php scripts, to the filesystem. These uploaded scripts will be processed by the web frontend,...

CVSS 9.8 | AI score 8.5 | EPSS 0.92382
Exploits: 5 | References: 2
Positive Technologies
added 2025/10/24 12:00 a.m. | 3 views

PT-2025-43651

Name of the Vulnerable Software and Affected Versions: Karmada Dashboard versions prior to 0.2.0. Description: The Karmada Dashboard, a web-based control panel for the Karmada multi-cluster management project, contains an authentication bypass. Backend API endpoints, such as /api/v1/secret and...

CVSS 8.7 | AI score 6.8 | EPSS 0.00607
Exploits: 0 | References: 18
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-6299

Malware in sbrugna...

CVSS 7.5 | AI score 7.5 | EPSS 0.01031
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-7341

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00568
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2020-7339

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00562
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-7340

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.0058
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-7342

Malware in sbrugna...

CVSS 5.3 | AI score 5.6 | EPSS 0.00568
Exploits: 1 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-22576

Malware in sbrugna...

CVSS 7.5 | AI score 8.6 | EPSS 0.1271
Exploits: 1 | References: 3