Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device…

Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat. Zafiyet ile ilgili Genel Bilgi,…

A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses…

A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview’s whitelist checking function allowing javascript protocol to be…

Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a “Text Field”, “Comment Field”…

Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could…

The “OX Count” web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims…

The “OX Chat” web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victims…

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within…