#auth

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Dreame Technology Equipment: Dreamehome and MOVAhome mobile applications Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of the Dreame and MOVA mobile apps are affected: Dreamehome iOS app: Versions 2.3.4 and prior Dreamehome Android app: Versions 2.1.8.8 and prior MOVAhome iOS app: Versions 1.2.3 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens. CVE-2025-8393 has bee...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Packet Power Equipment: EMX, EG Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain full access to the device without authentication. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Packet Power products are affected: EMX: Versions prior to 4.1.0 EG: Versions prior to 4.1.0 3.2 VULNERABILITY OVERVIEW 3.2.1 MISSING AUTHENTICATION FOR CRITICAL FUNCTION CWE-306 By default, the Packet Power Monitoring and Control Web Interface do not enforce authentication mechanisms. This vulnerability could allow unauthorized users to access and manipulate monitoring and control functions. CVE-2025-8284 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). A CVSS v4 score has also been ca...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Yealink Equipment: IP Phones Vulnerability: Improper Restriction of Excessive Authentication Attempts, Allocation of Resources Without Limits or Throttling, Incorrect Authorization, Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Yealink IP products are affected: SIP-T19P_E2: Versions prior to 53.84.0.121 SIP-T21P_E2: Versions prior to 52.84.0.121 SIP-T23G: Versions prior to 44.84.0.121 SIP-T40G: Versions prior to 76.84.0.121 SIP-T40P: Versions prior to 54.84.0.121 SIP-T27G: Versions prior to 69.84.0.121 SIP-T41S: Versions prior to 66.84.0.121 SIP-T42S: Versions prior to 66.84.0.121 SIP-T46S: Versions prior to 66.84.0.121 SIP- T48S: Versions prior to 66.84.0.121 SIP-CP920: Versions prior to 78.84.0.121 SIP-T53: Versions p...

Menlo Park, California, USA, 7th August 2025, CyberNewsWire

TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.

Hackers tricked workers over the phone at Google, Adidas, and more to grant access to Salesforce data.

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks. "The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view

The Hague, Netherlands, 7th August 2025, CyberNewsWire

The Hague, Netherlands, 7th August 2025, CyberNewsWire

Improper authorization in Azure Windows Virtual Machine Agent allows an unauthorized attacker to elevate privileges over a network.