Page(s) : 1 ... 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 [1167] 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 ... | Result(s) : 327459 |
Alerts
 | DATE | NAME | CATEGORIES | DETAIL |
---|---|---|---|---|
N/A | 2025-01-23 | CVE-2025-23960 | cve | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in basteln3rk Save & Import Image from URL allows Reflected XSS. Thi... |
N/A | 2025-01-23 | CVE-2024-11147 | cve | ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root. |
N/A | 2025-01-23 | CVE-2024-12078 | cve | ECOVACS robot lawn mowers and vacuums use a shared, static secret key to encrypt BLE GATT messages. An unauthenticated attacker within BLE range can control any robot using the ... |
N/A | 2025-01-23 | CVE-2024-12079 | cve | ECOVACS robot lawnmowers store the anti-theft PIN in cleartext on the device filesystem. An attacker can steal a lawnmower, read the PIN, and reset the anti-theft mechanism. |
N/A | 2025-01-23 | CVE-2024-52327 | cve | The cloud service used by ECOVACS robot lawnmowers and vacuums allows authenticated attackers to bypass the PIN entry required to access the live video feed. |
N/A | 2025-01-23 | CVE-2024-52328 | cve | ECOVACS robot lawnmowers and vacuums insecurely store audio files used to indicate that the camera is on. An attacker with access to the /data filesystem can delete or modify wa... |
N/A | 2025-01-23 | CVE-2024-52329 | cve | ECOVACS HOME mobile app plugins for specific robots do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic and obtain authenticati... |
N/A | 2025-01-23 | CVE-2024-52330 | cve | ECOVACS lawnmowers and vacuums do not properly validate TLS certificates. An unauthenticated attacker can read or modify TLS traffic, possibly modifying firmware updates. |
N/A | 2025-01-23 | CVE-2024-52331 | cve | ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successful... |
N/A | 2025-01-23 | CVE-2024-55925 | cve | In Xerox Workplace Suite, an API restricted to specific hosts can be bypassed by manipulating the Host header. If the server improperly validates or trusts the Host header witho... |
N/A | 2025-01-23 | CVE-2025-0650 | cve | A flaw was found in the Open Virtual Network (OVN). Specially crafted UDP packets may bypass egress access control lists (ACLs) in OVN installations configured with a logical sw... |
6 | 2025-01-23 | CVE-2024-45672 | cve | IBM Security Verify Bridge 1.0.0 through 1.0.15 could allow a local privileged user to overwrite files due to excessive privileges granted to the agent, which could also cause a... |
N/A | 2025-01-23 | CVE-2024-55926 | cve | A vulnerability found in Xerox Workplace Suite allows arbitrary file read, upload, and deletion on the server through crafted header manipulation. By exploiting improper validat... |
N/A | 2025-01-23 | CVE-2024-55927 | cve | A vulnerability in Xerox Workplace Suite arises from flawed token generation and the use of hard-coded keys. These weaknesses allow attackers to predict or forge tokens, leading... |
N/A | 2025-01-23 | CVE-2024-55928 | cve | Xerox Workplace Suite exposes sensitive secrets in clear text, both locally and remotely. This vulnerability allows attackers to intercept or access secrets without encryption |
N/A | 2025-01-23 | CVE-2024-55929 | cve | A mail spoofing vulnerability in Xerox Workplace Suite allows attackers to forge email headers, making it appear as though messages are sent from trusted sources. |
N/A | 2025-01-23 | CVE-2024-55930 | cve | Xerox Workplace Suite has weak default folder permissions that allow unauthorized users to access, modify, or delete files |
N/A | 2025-01-23 | CVE-2025-22153 | cve | RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in v... |
6.4 | 2025-01-23 | CVE-2025-23227 | cve | IBM Tivoli Application Dependency Discovery Manager 7.3.0.0 through 7.3.0.11 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed... |
N/A | 2025-01-23 | CVE-2025-24033 | cve | @fastify/multipart is a Fastify plugin for parsing the multipart content-type. Prior to versions 8.3.1 and 9.0.3, the `saveRequestFiles` function does not delete the uploaded te... |