20 matches found
EUVD-2025-22804
Malicious code in bioql PyPI...
CVE-2025-8210
A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components...
CVE-2025-8210
A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components...
CVE-2025-8210 Yeelink Yeelight App com.yeelight.cherry AndroidManifest.xml improper export of android application components
A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components...
CVE-2025-8210 Yeelink Yeelight App com.yeelight.cherry AndroidManifest.xml improper export of android application components
A vulnerability was found in Yeelink Yeelight App up to 3.5.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component com.yeelight.cherry. The manipulation leads to improper export of android application components...
CVE-2025-8210
CVE-2025-8210 affects Yeelink Yeelight App for Android (up to v3.5.4), targeting the AndroidManifest.xml in the com.yeelight.cherry component. The root cause is improper export of Android components due to manipulation of an unknown function within the manifest, enabling local access exploitation...
PT-2025-30987 · Yeelink · Yeelight App +1
Name of the Vulnerable Software and Affected Versions: Yeelink Yeelight App versions up to 3.5.4 Description: A vulnerability exists in the Yeelink Yeelight App on Android. The issue involves improper export of android application components due to manipulation of an unknown function within the...
Yeelight App 安全漏洞
Yeelight App is an application for controlling smart lighting products from the Chinese company Yeelight. A security vulnerability exists in Yeelight App 3.5.4 and earlier versions, which originates from the file AndroidManifest.xml that causes improper export of Android components...
CVE-2023-42189
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denia...
CVE-2023-42189
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denia...
CVE-2023-42189
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denia...
Design/Logic Flaw
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denia...
CVE-2023-42189
Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0 , Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Phillips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denia...
PT-2023-28290 · Nanoleaf +5 · Nanoleaf Light Strip +5
Name of the Vulnerable Software and Affected Versions: Connectivity Standards Alliance Matter Official SDK version 1.1.0.0 Nanoleaf Light strip version 3.5.10 Govee LED Strip version 3.00.42 switchBot Hub2 versions 1.0-0.8 Phillips hue hub version 1.59.1959097030 yeelight smart lamp version 1.12....
CVE-2023-42189
CVE-2023-42189 describes an Insecure Permissions vulnerability affecting multiple Matter ecosystem devices: Connectivity Standards Alliance Matter Official SDK (v1.1.0.0), Nanoleaf Light Strip (v3.5.10), Govee LED Strip (v3.00.42), switchBot Hub2 (v1.0–0.8), Philips Hue Hub (v1.59.1959097030), an...
Xiaomi Yeelight Smart AI Speaker Access Control Error Vulnerability
Xiaomi Yeelight Smart AI Speaker is a smart speaker from Chinese company Xiaomi Technology Xiaomi. An access control error vulnerability exists in Xiaomi Yeelight Smart AI Speaker version 3.3.100074. The vulnerability stems from a network system or product not properly restricting access to...
Improper access control
Yeelight Smart AI Speaker 3.3.100074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user...
CVE-2018-20007
Yeelight Smart AI Speaker 3.3.100074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user...
CVE-2018-20007
Yeelight Smart AI Speaker 3.3.100074 devices have improper access control over the UART interface, allowing physical attackers to obtain a root shell. The attacker can then exfiltrate the audio data, read cleartext Wi-Fi credentials in a log file, or access other sensitive device and user...
CVE-2018-20007
CVE-2018-20007 affects Yeelight Smart AI Speaker version 3.3.10_0074. The vulnerability is due to improper access control over the UART interface, enabling a physical attacker to obtain a root shell and then exfiltrate audio data, read cleartext Wi‑Fi credentials in a log file, or access other se...