Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

25 matches found

RedhatCVE
RedhatCVEadded 2025/10/07 11:13 p.m.5 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS6.7AI score0.00169EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/07 2:6 a.m.21 views

CVE-2025-59447

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...

2.2CVSS6.5AI score0.00164EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/10/07 2:6 a.m.10 views

CVE-2025-59449

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS7.1AI score0.00264EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/06 9:30 p.m.2 views

EUVD-2025-32584

The YoSmart YoLink MQTT broker through 2025-10-02 does not enforce sufficient authorization controls to prevent cross-account attacks, allowing an attacker to remotely operate affected devices if the attacker obtains the associated device IDs. Because YoLink device IDs are predictable, an attacke...

4.9CVSS6.6AI score0.00264EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/06 9:30 p.m.2 views

EUVD-2025-32581

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS6.5AI score0.00292EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/06 9:30 p.m.5 views

EUVD-2025-32580

The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...

4.3CVSS6.4AI score0.001EPSS
Exploits0References4
NVD
NVDadded 2025/10/06 8:15 p.m.5 views

CVE-2025-59447

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...

2.2CVSS0.00164EPSS
Exploits0References3
NVD
NVDadded 2025/10/06 8:15 p.m.3 views

CVE-2025-59451

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS0.00292EPSS
Exploits0References4
NVD
NVDadded 2025/10/06 8:15 p.m.11 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS0.00169EPSS
Exploits0References4
CVE
CVEadded 2025/10/06 12:0 a.m.10 views

CVE-2025-59451

The connected sources confirm CVE-2025-59451 affects the YoSmart YoLink ecosystem: the YoLink MQTT broker and the YoLink API (through 2025-10-02) use session tokens with unexpectedly long lifetimes, enabling persistent unauthorized access. CISA’s advisory details additional risks tied to this vul...

3.5CVSS6.6AI score0.00292EPSS
Exploits0References4
CVE
CVEadded 2025/10/06 12:0 a.m.11 views

CVE-2025-59450

The CVE-2025-59450 entry concerns YoSmart YoLink Smart Hub firmware 0382 (unencrypted). The documented impact is that data extracted from the device could be used to determine network access credentials, exposing confidentiality. No exploitation details are provided in the supplied documents. Rem...

4.3CVSS6.5AI score0.001EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2025/10/06 12:0 a.m.4 views

CVE-2025-59447

The YoSmart YoLink Smart Hub device 0382 exposes a UART debug interface. An attacker with direct physical access can leverage this interface to read a boot log, which includes network access credentials...

2.2CVSS6.1AI score0.00164EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/10/06 12:0 a.m.3 views

YoSmart YoLink Smart Hub 安全漏洞

The YoSmart YoLink Smart Hub is a smart home hub device from YoSmart USA. A security vulnerability exists in the YoSmart YoLink Smart Hub version 0382, which stems from exposing the UART debugging interface and could lead to the disclosure of network access credentials...

2.2CVSS6.5AI score0.00164EPSS
Exploits0References3
CNNVD
CNNVDadded 2025/10/06 12:0 a.m.4 views

YoSmart YoLink Smart Hub 安全漏洞

YoSmart YoLink Smart Hub is a smart home hub device from YoSmart USA. A security vulnerability exists in YoSmart YoLink Smart Hub version 0382, which stems from unencrypted firmware and could lead to the disclosure of network access credentials...

4.3CVSS6.5AI score0.001EPSS
Exploits0References3
Cvelist
Cvelistadded 2025/10/06 12:0 a.m.7 views

CVE-2025-59451

The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes...

3.5CVSS0.00292EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2025/10/06 12:0 a.m.5 views

CVE-2025-59452

The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50...

5.8CVSS6.5AI score0.00414EPSS
Exploits0References4
CVE
CVEadded 2025/10/06 12:0 a.m.12 views

CVE-2025-59449

The YoSmart YoLink MQTT broker and ecosystem components through 2025-10-02 contain multiple concrete issues: (1) insufficient authorization controls allow cross-account attack if an attacker learns device IDs, potentially enabling remote control of other users’ devices; (2) YoLink device IDs are ...

4.9CVSS6.8AI score0.00264EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2025/10/06 12:0 a.m.6 views

PT-2025-40947

Name of the Vulnerable Software and Affected Versions YoSmart YoLink Smart Hub firmware version 0382 Description The YoSmart YoLink Smart Hub firmware version 0382 is unencrypted. Data extracted from the device can be used to determine network access credentials. Recommendations At the moment,...

4.3CVSS6.4AI score0.001EPSS
Exploits0References6
Cvelist
Cvelistadded 2025/10/06 12:0 a.m.10 views

CVE-2025-59448

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS0.00169EPSS
Exploits0References4
Cvelist
Cvelistadded 2025/10/06 12:0 a.m.8 views

CVE-2025-59450

The YoSmart YoLink Smart Hub firmware 0382 is unencrypted, and data extracted from it can be used to determine network access credentials...

4.3CVSS0.001EPSS
Exploits0References3
Rows per page
Query Builder