Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device’s firmware used for device communication using MQTT. An attacker who gained…

OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal…

PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious…

An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking. Zafiyet ile ilgili Genel Bilgi, Etki ve…

Assmann Digitus Plug&View IP Camera family allows unauthenticated attackers to download a copy of the camera’s settings and the administrator credentials. Zafiyet ile ilgili Genel…

An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.…

Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model…