CVE-2025-27769
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...
EUVD-2025-208479
A vulnerability has been identified in Heliox Flex 180 kW EV Charging Station (All versions < F4.11.1), Heliox Mobile DC 40 kW EV Charging Station (All versions < L4.10.1). Affected devices contain improper access control that could allow an attacker to reach unauthorized services via the charging cable...
CVE-2025-27769
CVE-2025-27769 affects Heliox Flex 180 kW EV Charging Station (all versions before F4.11.1) and Heliox Mobile DC 40 kW EV Charging Station (all versions before L4.10.1). The issue is improper access control that could allow an attacker to reach unauthorized services via the charging cable. CVSS m...
PT-2026-24216
Name of the Vulnerable Software and Affected Versions: Heliox Flex 180 kW EV Charging Station versions prior to F4.11.1; Heliox Mobile DC 40 kW EV Charging Station versions prior to L4.10.1. Description: The charging stations have improper access control. This could allow an attacker to reach...
Siemens Heliox EV Chargers
SUMMARY: Heliox EV Chargers listed below contain an improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends updating to the latest versions. 2. GENERAL...
EUVD-2009-2031
Malware in sbrugna...
CVE-2009-2035
Unspecified vulnerability in Services 6.x before 6.x-0.14, a module for Drupal, when key-based access is enabled, allows remote attackers to read or add keys and access unauthorized services via unspecified vectors...
JetBrains Hub Improper Access Control Vulnerability
JetBrains Hub is a Web-based identity management service launched by JetBrains, which is mainly used for centralized management of YouTrack, TeamCity and other team collaboration tools such as user authentication, permission assignment and project collaboration. JetBrains Hub suffers from an...
CVE-2024-50573
In JetBrains Hub before 2024.3.47707 improper access control allowed users to generate permanent tokens for unauthorized services...
CVE-2024-50573
Summary (CVE-2024-50573): JetBrains Hub prior to 2024.3.47707 suffers from improper access control that can allow a user to generate permanent tokens for unauthorized services. The descriptions across multiple sources consistently identify the affected product as JetBrains Hub and the issue as to...
JetBrains Hub Security Vulnerability
JetBrains Hub is a Web-based identity management service launched by JetBrains, which is mainly used for centralized management of YouTrack, TeamCity and other team collaboration tools such as user authentication, permission assignment and project collaboration. JetBrains Hub suffers from an...
Legal Robot: unsecured legalrobot.co.uk assets
A security researcher found that multiple gTLD permutations of our legalrobot domain names like legalrobot.co.uk were allowing access to sensitive ports 22 and disclosing vulnerable server versions. While these other domains are, for the time being, intended to simply redirect to our main...
Cross site request forgery (csrf)
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
CVE-2013-5758
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files...
CVE-2002-1796
ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 4100 and 8150 does not properly verify JAR signatures for new services, which allows local users to load unauthorized Chai services...