26 matches found
EUVD-2025-18886
Malicious code in bioql PyPI...
EUVD-2025-19545
Malicious code in bioql PyPI...
EUVD-2025-19547
Malicious code in bioql PyPI...
EUVD-2025-19546
Malicious code in bioql PyPI...
CVE-2025-52916
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration of the last five digits...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
CVE-2025-52917
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...
CVE-2025-52918
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...
CVE-2025-52917
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
CVE-2025-52916
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration of the last five digits...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
CVE-2025-52919
In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded...
CVE-2025-52917
The CVE applies to Yealink YMCS RPS API prior to 2025-05-26, where a lack of rate limiting enables information disclosure through excessive requests. Affected component: Yealink RPS API; root cause: missing rate-limiting controls on API endpoints, leading to potential exposure of sensitive data u...
CVE-2025-52916
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration of the last five digits...
CVE-2025-52916
The CVE-2025-52916 entry concerns Yealink YMCS RPS prior to 2025-06-04, where the system lacks serial-number verification attempt limits, enabling brute-force enumeration of the last five digits. The issue is supported by multiple connected sources (CVE listing, Red Hat, CNNVD, PT Security, and C...
PT-2025-26529 · Yealink · Yealink Ymcs
Name of the Vulnerable Software and Affected Versions: Yealink YMCS versions prior to 2025-05-26. Description: The issue allows unauthorized access to deactivated interfaces due to the lack of prevention of OpenAPI access by frozen enterprise accounts. Recommendations: For Yealink YMCS versions...
CVE-2025-52917
The Yealink RPS API before 2025-05-26 lacks rate limiting, potentially enabling information disclosure via excessive requests...
CVE-2025-52918
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces...
CVE-2025-52918
CVE-2025-52918 affects Yealink RPS (Redirect and Provisioning Service). Before 2025-05-26, OpenAPI access is not blocked for frozen enterprise accounts, allowing unauthorized access to deactivated interfaces. CVSS v3.1 base score 5.0 (medium); impact limited to confidentiality. The available docu...