The Aqara IAM/SSO gateway (gw-builder.aqara.com) exposes bidirectional AES round-trips against the platform's signing key without authentication. T...
The Aqara Cloud Production API (open-cn.aqara.com/v3.0/open/api) would authorize any valid developer token for access to any account. This is an in...
The Aqara IAM/SSO Gateway (gw-builder.aqara.com) used a hardcoded OAuth client credential, which is an instance of "CWE-798: Use of Hard-coded Cred...
A code injection vulnerability in version 0.4.17 or later of the ChromaDB Python project allows an authenticated attacker to run arbitrary code on ...
CVE-2026-50751 — Check Point IKEv1 Authentication Bypass. Standalone proof-of-concept for CVE-2026-50751 — a critical Check Point IKEv1 authenticati...
The iRM-IEI Remote Management developed by IEI Integration Corp has a Hardcoded Credentials vulnerability, allowing unauthenticated remote attacke...
🚨 CVE-2026-35273 - Oracle PeopleSoft PeopleTools Unauthenticated Remote Code Execution --- ⚠️ Critical Unauthenticated RCE in Oracle PeopleSoft Pe...
🚨 CVE-2026-48907 - JCE Joomla Content Editor Unauthenticated Remote Code Execution --- ⚠️ Critical Unauthenticated RCE in JCE Joomla Content Edito...
CVE-2026-49777 - ShapedPlugin Product Slider Pro for WooCommerce Backdoor RCE. In-Depth Technical Analysis: Product Slider Pro Backdo...
CVE-2026-8809 Advanced Custom Fields: Extended = 0.9.2.5 - Unauthenticated Privilege Escalation via Validation Bypass to 'acfpostid' Parameter This...