
9 matches found

CVE
added 5 hours ago, 6 views

CVE-2026-13491

The CVE-2026-13491 entry concerns 78 xiaozhi-esp32 (up to version 2.2.6) and identifies a vulnerability in the MQTT Goodbye Handler. The issue lies in Application::GetInstance within main/protocols/mqtt_protocol.cc, where manipulating the session_id argument can trigger a denial of service. The a...

CVSS 6.3, AI score 5
Exploits: 0, References: 8
ATTACKERKB
added 5 hours ago, 6 views

CVE-2026-13491

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument session_id results in denial of service. The...

CVSS 6.3, AI score 4.9
Exploits: 0, References: 8, Affected Software: 1
EUVD
added 5 hours ago, 7 views

EUVD-2026-39991

A vulnerability was detected in 78 xiaozhi-esp32 up to 2.2.6. This vulnerability affects the function Application::GetInstance of the file main/protocols/mqtt_protocol.cc of the component MQTT Goodbye Handler. Performing a manipulation of the argument session_id results in denial of service. The...

CVSS 6.3, AI score 5
Exploits: 0, References: 8
CVE
added 6 hours ago, 9 views

CVE-2026-13489

The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32

CVSS 3.1, AI score 5.1
Exploits: 0, References: 7
EUVD
added 2025/12/28 12:30 p.m., 3 views

EUVD-2025-205508

A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launche...

CVSS 6.5, AI score 6.2, EPSS 0.00289
Exploits: 0, References: 8
CNNVD
added 2025/12/28 12:00 a.m., 6 views

Xiaozhi ESP32 Server Java authorization issue vulnerability

Xiaozhi ESP32 Server Java is a Java enterprise management platform by the individual developer joey. An authorization issue vulnerability exists in Xiaozhi ESP32 Server Java 3.0.0 and earlier versions, which stems from incorrect behavior of the function tryAuthenticateWithCookies in the file...

CVSS 6.5, AI score 6.3, EPSS 0.00289
Exploits: 0, References: 7
Cvelist
added 2025/04/07 8:00 p.m., 28 views

CVE-2025-3382 joey-zhou xiaozhi-esp32-server-java update sql injection

A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack c...

CVSS 6.5, EPSS 0.00264
Exploits: 0, References: 4
CVE
added 2025/04/07 8:00 p.m., 52 views

CVE-2025-3382

The CVE-2025-3382 entry concerns joey-zhou xiaozhi-esp32-server-java. Affects the update function of the /api/user/update endpoint, where manipulation of the state argument causes SQL injection. The vulnerability is exploitable remotely and is supported by public disclosures. No version details f...

CVSS 6.5, AI score 7.6, EPSS 0.00264
Exploits: 0, References: 4
CNNVD
added 2025/04/07 12:00 a.m., 6 views

Xiaozhi ESP32 Server Java injection vulnerability

Xiaozhi ESP32 Server Java is a Java enterprise management platform by the individual developer joey. Xiaozhi ESP32 Server Java suffers from an injection vulnerability that stems from incorrect handling of the parameter state, which can lead to SQL injection...

CVSS 6.5, AI score 7.1, EPSS 0.00264
Exploits: 0, References: 4