Arduino Security Vulnerabilities

CVE-2023-49296

The Arduino Create Agent allows users to use the Arduino Create applications to upload code to any USB connected Arduino board directly from the browser. A vulnerability in versions prior to 1.3.6 affects the endpoint /certificate.crt and the way the web interface of the ArduinoCreateAgent handles....

CVSS 6.3 | AI Score 6.2 | EPSS 0.0005 | 2023-12-13 08:15 PM
7

CVE-2023-43803

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass...

CVSS 7.1 | AI Score 6.7 | EPSS 0.001 | 2023-10-18 09:15 PM
34

CVE-2023-43800

Arduino Create Agent is a package to help manage Arduino development. The vulnerability affects the endpoint /v2/pkgs/tools/installed. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can escalate his privileges to those...

CVSS 7.8 | AI Score 7.5 | EPSS 0.001 | 2023-10-18 10:15 PM
25

CVE-2023-43801

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /v2/pkgs/tools/installed and the way it handles plugin names supplied as user input. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass...

CVSS 7.1 | AI Score 6.8 | EPSS 0.001 | 2023-10-18 10:15 PM
28

CVE-2023-43802

Arduino Create Agent is a package to help manage Arduino development. This vulnerability affects the endpoint /upload which handles requests with the filename parameter. A user who has the ability to perform HTTP requests to the localhost interface, or is able to bypass the CORS configuration, can.....

CVSS 7.8 | AI Score 7.6 | EPSS 0.001 | 2023-10-18 09:15 PM
29

CVE-2019-13991

Embedded systems based on Arduino before Rev3 allow remote attackers to send data to LEDs (directly connected to GPIO pins) via a laser, because of LED...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2019-07-19 09:15 PM
148

CVE-2015-4590

The extractFrom function in Internals/QuotedString.cpp in Arduino JSON before 4.5 allows remote attackers to cause a denial of service (crash) via a JSON string with a \ (backslash) followed by a terminator, as demonstrated by "\0", which triggers a buffer overflow and...

AI Score 7.3 | EPSS 0.015 | 2015-06-22 06:59 PM
17