Alerts

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for...

An unauthenticated remote attacker can use MQTT messages to crash a service on charging stations complying with German Calibration Law, resulting in a temporary denial-of-service for these stations...

An unauthenticated remote attacker can use MQTT messages to trigger out-of-bounds writes in charging stations complying with German Calibration Law, resulting in a loss of integrity for only...

A physical attacker with access to the device display via USB-C can send a message to the device which triggers an unsecure copy to a buffer resulting in loss of integrity and a temporary...

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

An unauthenticated adjacent attacker can modify configuration by sending specific requests to an API-endpoint resulting in read and write access due to missing authentication.

An unauthenticated local attacker can inject a command that is subsequently executed as root, leading to a privilege escalation.

An unauthenticated remote attacker can alter the device configuration in a way to get remote code execution as root with specific configurations.

An unauthenticated adjacent attacker is able to configure a new OCPP backend, due to insecure defaults for the configuration interface.