| Page(s) : 1 ... 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 [1147] 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 ... | Result(s) : 301597 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-01-23 | CVE-2024-12079 | cve | ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. |
| N/A | 2025-01-23 | CVE-2024-52327 | cve | The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. |
| N/A | 2025-01-23 | CVE-2024-52328 | cve | ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify wa... |
| N/A | 2025-01-23 | CVE-2024-52329 | cve | ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authenticati... |
| N/A | 2025-01-23 | CVE-2024-52330 | cve | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. |
| N/A | 2025-01-23 | CVE-2024-52331 | cve | ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successful... |
| N/A | 2025-01-23 | CVE-2024-55925 | cve | In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header witho... |
| N/A | 2025-01-23 | CVE-2025-0650 | cve | A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical sw... |
| 6 | 2025-01-23 | CVE-2024-45672 | cve | IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent. which could also cause a... |
| N/A | 2025-01-23 | CVE-2024-55926 | cve | A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validat... |
| N/A | 2025-01-23 | CVE-2024-55927 | cve | A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading... |
| N/A | 2025-01-23 | CVE-2024-55928 | cve | Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption |
| N/A | 2025-01-23 | CVE-2024-55929 | cve | A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. |
| N/A | 2025-01-23 | CVE-2024-55930 | cve | Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files |
| N/A | 2025-01-23 | CVE-2025-22153 | cve | RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in v... |
| 6.4 | 2025-01-23 | CVE-2025-23227 | cve | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed... |
| N/A | 2025-01-23 | CVE-2025-24033 | cve | @fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded te... |
| N/A | 2025-01-23 | CVE-2025-24034 | cve | Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Starting in version 0.7.0 and prior to versions 0.7.15 and 0.8.3, Himmelblau is vulnerable to le... |
| N/A | 2025-01-23 | CVE-2025-24353 | cve | Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.2.0, when sharing an item, a typical user can specify an arbitrary role. It ... |
| 5.4 | 2025-01-23 | CVE-2024-12043 | cve | The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting... |
| Page(s) : 1 ... 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 [1147] 1148 1149 1150 1151 1152 1153 1154 1155 1156 1157 ... | Result(s) : 301597 |
