CVE-2025-3653

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

CVE-2025-3660

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pet/detailV2 with arbitrary pet IDs to...

CVE-2025-3653

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device contro...

Petlibro Smart Pet Feeder Platform 安全漏洞

Petlibro Smart Pet Feeder Platform is a smart pet management system from Petlibro. A security vulnerability exists in Petlibro Smart Pet Feeder Platform version 1.7.31 and earlier, which stems from an insecure API endpoint that could lead to information disclosure...

Petlibro Smart Pet Feeder Platform 安全漏洞

Petlibro Smart Pet Feeder Platform is a smart pet management system from Petlibro. A security vulnerability exists in Petlibro Smart Pet Feeder Platform version 1.7.31 and earlier, which stems from a flaw in OAuth token authentication that could lead to authentication bypass...

Petlibro Smart Pet Feeder Platform 安全漏洞

Petlibro Smart Pet Feeder Platform is a smart pet management system from Petlibro. A security vulnerability exists in Petlibro Smart Pet Feeder Platform version 1.7.31 and earlier, which stems from a lack of ownership validation and could lead to accessing other users' pet data...

CVE-2025-3660 Petlibro Smart Pet Feeder Platform through 1.7.31 Broken Access Control via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains a broken access control vulnerability that allows authenticated users to access other users' pet data by exploiting missing ownership verification. Attackers can send requests to /member/pet/detailV2 with arbitrary pet IDs to...

CVE-2025-3660

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 are affected by a broken access control vulnerability due to missing ownership verification. An authenticated user can access other users’ data by calling the API endpoint /member/pet/detailV2 with arbitrary pet IDs, exposing pet details, m...

CVE-2025-3652 Petlibro Smart Pet Feeder Platform through 1.7.31 Audio Information Disclosure via API endpoint

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with...

CVE-2025-3652

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 are affected by an information disclosure vulnerability. The issue arises from a flaw in using sequential audio IDs with an insecure assignment endpoint at the API path /device/deviceAudio/use, which allows an attacker to assign audio recor...

CVE-2025-3646

The CVE affects Petlibro Smart Pet Feeder Platform up to version 1.7.31. The vulnerability is an authorization bypass in the device share API caused by missing permission checks, allowing unauthorized users to add themselves as shared owners and view owner information. This is a network-exposed i...

CVE-2025-15115

CVE-2025-15115 affects the Petlibro Smart Pet Feeder Platform (versions up to 1.7.31). Affects the social login OAuth flow via the API endpoint “/member/auth/thirdLogin” where token validation flaws allow unauthenticated attackers to obtain full session tokens and access user accounts by supplyin...

CVE-2025-3646 Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized acce...

CVE-2025-3646 Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API

Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized acce...

PT-2026-1179

Name of the Vulnerable Software and Affected Versions Petlibro Smart Pet Feeder Platform versions up to 1.7.31 Description The Petlibro Smart Pet Feeder Platform is affected by an authorization bypass. This allows unauthorized users to add themselves as shared owners to any device. The issue is d...

PT-2026-1181

Name of the Vulnerable Software and Affected Versions Petlibro Smart Pet Feeder Platform versions up to 1.7.31 Description The Petlibro Smart Pet Feeder Platform is affected by an improper access control issue. The platform allows unauthorized device manipulation by accepting arbitrary serial...

EUVD-2022-1273

Malicious code in bioql PyPI...

EUVD-2022-1527

Malicious code in bioql PyPI...

Grav 跨站脚本漏洞

Grav is a scalable CMS content management system for personal blogs, small content publishing platforms, and single-page product displays. cross-site scripting vulnerabilities exist in versions prior to Grav 1.7.31, which stem from the program's lack of data validation filtering of user-supplied...

CVE-2022-0743 Cross-site Scripting (XSS) - Stored in getgrav/grav

Cross-site Scripting XSS - Stored in GitHub repository getgrav/grav prior to 1.7.31...