Lucene search
K
Bdu FstecRecent

90604 matches found

BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the client tool library for the Sentry SDK platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the client tool library for the Sentry SDK platform is related to the lack of protection for operational data. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

5.3CVSS5.8AI score0.00198EPSS
Exploits0References12Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.5 views

The vulnerability of the npm package manager lies in the incorrect restriction on the path name for restricted access directories, allowing attackers to write arbitrary files.

The vulnerability of the npm package manager is related to incorrect restrictions on path names in restricted access catalogs. Exploiting this vulnerability allows a malicious actor to write arbitrary files...

7.8CVSS5.9AI score0.00433EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the `fs.statSync()` and `fs.readFileSync()` functions in the pnpm package manager’s script `store/cafs/src/addFilesFromDir.ts` allows a malicious actor to gain unauthorized access to protected information.

The vulnerability of the fs.statSync and fs.readFileSync functions in the pnpm package manager’s script store/cafs/src/addFilesFromDir.ts is related to an incorrect definition of references before accessing files. Exploiting this vulnerability could allow an attacker to gain unauthorized access t...

5.5CVSS5.8AI score0.00469EPSS
Exploits1References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability in the web interface for managing Tenda W30E micro-program software routers allows a perpetrator to gain unauthorized access to read data.

The vulnerability of the web-based management interface for Tenda W30E micro-programmed router software is related to the unencrypted storage of critical information. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read data...

6.8CVSS5.8AI score0.00189EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of Tenda W30E router microprogramming software, related to the disclosure of information through browser caching, allows attackers to gain unauthorized access to protected information.

The vulnerability of Tenda W30E router microprogramming software is related to the disclosure of information through browser caching. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...

5.5CVSS5.8AI score0.00154EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the Search and Discovery functions in Hikvision’s network video recorder (NVR), digital video recorder (DVR), centralized video recorder (CVR), and IP camera (IPC) software systems allows a intruder to trigger a service failure.

The vulnerability of the Search and Discovery functions in Hikvision’s network video recorder NVR, digital video recorder DVR, centralized video recorder CVR, and IP camera IPC devices is related to buffer overflow in the stack. Exploiting this vulnerability can allow an attacker to cause a servi...

8.8CVSS6.3AI score0.00323EPSS
Exploits0References2Affected Software98
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the systemutil.cgi component of the Telesquare TLR-2005Ksh router software allows a intruder to gain unauthorized access to protected information.

The vulnerability of the systemutil.cgi component of the Telesquare TLR-2005Ksh microprogramming device lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow an unauthorized attacker to gain unauthorized access to protected information...

7.8CVSS5.8AI score0.00434EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Spring Boot Actuator component in the corporate security solution for the TeleMessage TM SGNL messaging service allows attackers to compromise the confidentiality of the protected information.

The vulnerability of the Spring Boot Actuator component in the corporate security solution for message exchange via TeleMessage TM SGNL is related to the insecure initialization of resources. Exploiting this vulnerability could allow a malicious actor, operating remotely, to compromise the...

5.3CVSS7.5AI score0.08489EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the SICK TDC-X401GL industrial controller’s microprogramming software, due to deficiencies in access control, allows intruders to compromise the confidentiality and integrity of the protected information.

The vulnerability of the SICK TDC-X401GL industrial controller’s microprogramming software is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker, operating remotely, to compromise the confidentiality and integrity of the protected information...

9.1CVSS5.8AI score0.00541EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the platform’s expression calculation mechanism for automating work processes on n8n allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the platform’s expression calculation mechanism for automating work processes in n8n is related to the failure to take measures to neutralize instructions in dynamically executed code. Exploiting this vulnerability allows a remote attacker to execute arbitrary JavaScript code...

9.9CVSS7.9AI score0.18071EPSS
Exploits2References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the XRDP server, related to the execution of operations beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of the XRDP server is related to the execution of operations outside the buffer in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.4CVSS7.8AI score0.01318EPSS
Exploits0References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the application software interface of the zVirt virtualization platform, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the application software interface of the zVirt virtualization platform is related to deficiencies in the mechanism for generating error reports. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected informatio...

4.3CVSS5.8AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the application software interface of the zVirt virtualization platform, which allows a perpetrator to gain unauthorized access to protected information

The vulnerability of the application programming interface of the zVirt virtualization platform is related to access control errors. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information by sending a specially crafted G...

6.8CVSS5.8AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from insufficient protection of registration data, allowing attackers to disclose sensitive information.

The vulnerability of Git-based software platform configurations for collaborative code development on GitLab is related to insufficient protection of registration data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to expose the protected information...

2.1CVSS5.8AI score0.00212EPSS
Exploits0References4Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE arises from the lack of checks for the return value. This allows attackers to increase their privileges.

The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE is related to the lack of checking for the return value. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

7.4CVSS6.2AI score0.00832EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE lies in its unlimited resource distribution. This allows a hacker to trigger a service failure by sending repeated incorrect SSH authentication requests.

The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE is related to the unlimited distribution of resources. Exploiting this vulnerability allows a malicious actor to cause service failures by sending repeated incorrect SSH authentication requests...

5.3CVSS6.2AI score0.00538EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Filesystems component of the Oracle ZFS Storage Appliance Kit allows a hacker to gain unauthorized access for updating, inserting, or deleting data.

The vulnerability of the Filesystems component of the Oracle ZFS Storage Appliance Kit is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain unauthorized access for updating, inserting, or deleting data...

2.3CVSS7.1AI score0.00131EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE lies in the execution of a loop with an unreachable exit condition. This allows a malicious actor to trigger a service failure by configuring incorrect wiki documents.

The vulnerability of the Git-based software platform for collaborative code development on GitLab CE/EE is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability allows a malicious actor to cause service failures by configuring incorrect wiki document...

6.8CVSS6.3AI score0.00521EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to memory resource exhaustion, allows a hacker to trigger a service failure.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to the exhaustion of memory resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures when processing HTTP responses...

6.8CVSS5.8AI score0.00362EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Scripting Admin component of the software tool for creating and processing scripts in the Oracle Scripting system of the Oracle E-Business Suite allows a malicious individual to gain unauthorized access to read, update, insert, or delete data.

The vulnerability of the Scripting Admin component of the Oracle E-Business Suite software for creating and processing scripts related to enterprise automation activities is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, ...

6.4CVSS7.1AI score0.002EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the Core sub-component of the Oracle Configurator component in the Oracle E-Business Suite system allows a perpetrator to gain access to data for reading purposes.

The vulnerability of the Core sub-component of the Oracle Configurator component in the Oracle E-Business Suite system relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain read access to data...

5.3CVSS7.1AI score0.00219EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the Java VM component of the Oracle Database Server system allows a hacker to trigger a service failure.

The vulnerability of the Java VM component of the Oracle Database Server management system is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...

6.8CVSS7AI score0.00215EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of Airoha Technology’s TWS earphones’ BR/EDR Bluetooth chips allows intruders to circumvent existing security restrictions.

The vulnerability of Airoha Technology’s TWS earphones’ BR/EDR Bluetooth chips lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow attackers to circumvent existing security restrictions...

6.3CVSS6.2AI score0.04372EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.1 views

The vulnerability of the Linux operating system’s kernel, allowing a hacker to execute arbitrary code

The vulnerability of the Linux operating system’s kernel is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

7.8CVSS7AI score0.00162EPSS
Exploits0References5Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the MCP protocol server’s codehooks-mcp-server lies in its failure to neutralize special elements used in the operating system commands. This allows attackers to execute arbitrary commands.

The vulnerability of the MCP protocol’s codehooks-mcp-server relates to the failure to take measures to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

10CVSS6.1AI score0.01297EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Linux operating system’s kernel, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel is related to insufficient resource control during its existence. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5CVSS5.9AI score0.00177EPSS
Exploits0References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.1 views

The vulnerability of the administrative panel of the Telpo MDM mobile device management platform, related to the manipulation of cross-site requests, allows a perpetrator to execute a CSRF attack.

The vulnerability of the administrative panel of the Telpo MDM mobile device management platform is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to perform a CSRF attack remotely...

8CVSS5.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.5 views

The vulnerability of the RGW component of the Ceph data storage system, which allows a hacker to cause a service failure.

The vulnerability of the RGW storage system Ceph is related to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures...

7.8CVSS7.1AI score0.0044EPSS
Exploits1References11Affected Software6
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Mattermost instant messaging application, which stems from the use of incorrect authentication tokens due to unlimited resource distribution, allows a hacker to cause a service failure.

The vulnerability of the Mattermost instant messaging application is related to the use of incorrect authentication tokens due to unlimited resource distribution. Exploiting this vulnerability could allow a malicious actor to cause service failures by sending specially crafted HTTP requests...

6.8CVSS5.8AI score0.00318EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the Suricata intrusion detection and prevention system, related to the use of memory after it is freed, allows an intruder to trigger a service failure.

The vulnerability of the Suricata intrusion detection and prevention system lies in the use of memory after it is freed. Exploiting this vulnerability can allow a remote attacker to cause a service failure...

9.4CVSS5.8AI score0.00344EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the .dylib file of the Sublime Text text editor on the Mac OS allows a hacker to execute arbitrary code.

The vulnerability of the .dylib file of the Sublime Text text editor on the Mac OS operating system is related to an uncontrolled search path element. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS6.1AI score0.00459EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.1 views

The vulnerability of the png_image_read_direct_scaled() function in the libpng library, which allows a hacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the pngimagereaddirectscaled function in the libpng library relates to the reading of data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information or cause service failures...

7.1CVSS6.9AI score0.00172EPSS
Exploits1References9Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.1 views

The vulnerability of the name_size() function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the namesize function in the Linux operating system’s kernel is related to incorrect array indexing. Exploiting this vulnerability could allow an attacker to cause a service failure...

6.3CVSS5.8AI score0.00166EPSS
Exploits0References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the hnd_parentalctrl_unblock() function in the Linksys Router E2500 router software allows a intruder to execute arbitrary code.

The vulnerability of the hndparentalctrlunblock function in the Linksys Router E2500 microprogrammed software is related to incorrect code generation. Exploiting this vulnerability could allow an attacker to execute arbitrary code...

8CVSS6.1AI score0.00755EPSS
Exploits1References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.5 views

The vulnerability of the Policy Wizard (/wiz_policy_3_machine.php) web interface for managing D-Link DIR-615D router microprogramming software allows a perpetrator to escalate their privileges and execute arbitrary commands.

The vulnerability of the Policy Wizard /wizpolicy3machine.php web interface for managing D-Link DIR-615D router microprogramming software is related to the failure to take measures to neutralize special elements during the processing of the ipaddr parameter. Exploiting this vulnerability can allo...

9CVSS7.3AI score0.05258EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the zVirt virtualization platform, related to the lack of protective measures for the website structure, allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the zVirt virtualization platform lies in the lack of protection for the structure of the web page during the processing of the errordescription parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code, provided that the user open...

10CVSS6AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the Suricata intrusion detection and prevention system, related to excessive load on the central processor, allows an intruder to trigger a service failure.

The vulnerability of the Suricata intrusion detection and prevention system is related to excessive load on the central processor. Exploiting this vulnerability can allow a malicious actor to cause a service failure...

5.3CVSS5.8AI score0.00312EPSS
Exploits0References6Affected Software3
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.1 views

The vulnerability of the authentication system of the zVirt virtualization platform allows a hacker to gain unauthorized access to user’s authentication data.

The vulnerability of the authentication system of the zVirt virtualization platform relates to the redirection of URLs to unreliable websites when processing the redirecturl parameter. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to...

10CVSS5.8AI score
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of the templates/logging_macros.vm file on the XWiki Platform allows a hacker to execute cross-site scripting attacks.

The vulnerability of the templates/loggingmacros.vm file on the XWiki Platform involves a lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow an attacker, operating remotely, to execute cross-site scripting attacks using a specially created link...

7.5CVSS5.7AI score0.00503EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows a hacker to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

8.3CVSS7.6AI score0.00297EPSS
Exploits1References6Affected Software2
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the safe_extract() function in the ClearML machine learning platform allows a hacker to execute arbitrary code.

The vulnerability of the safeextract function in the ClearML machine learning platform is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a attacker to execute arbitrary code...

6.2CVSS6.5AI score0.00276EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the canonical/get-workflow-version-action component of the platform for automating GitHub Actions work processes allows a hacker to gain access to the secret GITHUB_TOKEN.

The vulnerability of the “canonical/get-workflow-version-action” component of the platform for automating GitHub Actions processes is related to insufficient protection of registration data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain access to the...

8.2CVSS5.8AI score0.00589EPSS
Exploits0References5Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Relationship Pricing component in the Oracle FLEXCUBE Universal Banking system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Relationship Pricing component in the Oracle FLEXCUBE Universal Banking banking service system is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected informatio...

6.8CVSS7.1AI score0.00251EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.6 views

The vulnerability of the Workflow Loader component of the Oracle Workflow system allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the Workflow Loader component of the Oracle Workflow system relates to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

6.8CVSS7.1AI score0.00307EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The security vulnerability of the Oracle Zero Data Loss Recovery Appliance software, which allows an attacker to gain read access to data.

The security vulnerability of the Oracle Zero Data Loss Recovery Appliance software relates to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain read access to the data...

3.1CVSS7.1AI score0.00164EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the Platform component of the Oracle Life Sciences Central Designer allows a malicious individual to gain read access to data.

The vulnerability of the Platform component of the Oracle Life Sciences Central Designer software relates to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to gain read access to data...

5.3CVSS7.1AI score0.00219EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.3 views

The vulnerability of the General component of the scalable framework for creating and deploying applications, which allows a malicious actor to gain unauthorized access to read, update, insert, or delete data.

The vulnerability of the General component of the scalable framework for creating and deploying applications is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to read, update, insert, or delete...

5.5CVSS7.1AI score0.0018EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of Airoha Technology’s GATT Bluetooth chip-based TWS earphones lies in the lack of authentication for a critical function, allowing attackers to circumvent existing security restrictions.

The vulnerability of Airoha Technology’s GATT Bluetooth chip-based TWS earbuds lies in the lack of authentication for a critical function. Exploiting this vulnerability could allow attackers to circumvent existing security restrictions...

6.3CVSS6.1AI score0.06496EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.4 views

The vulnerability of Airoha Technology’s Custom Protocol Bluetooth-chip-based TWS earphones allows a hacker to circumvent existing security restrictions.

The vulnerability of Airoha Technology’s Custom Protocol Bluetooth-chip TWS headphones is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow attackers to circumvent existing security restrictions...

5.5CVSS6.1AI score0.05413EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2026/01/30 12:0 a.m.2 views

The vulnerability of the user interface of the Telpo MDM device management platform, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks (XSS).

The vulnerability of the user interface of the Telpo MDM device management platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

6.8CVSS5.6AI score
Exploits0References1Affected Software1
Total number of security vulnerabilities90604