Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

April 22, 2025

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Security researcher Yassine Damiri has uncovered two critical vulnerabilities in the Yi IOT XY-3820 smart camera, posing significant security risks. Both flaws, rated CVSS 9.8, allow unauthenticated a …

Published Date:
Apr 23, 2025 (1 hour, 2 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-29660

CVE-2025-29659

CVE-2025-25427

Source: Read More

Previous ArticleStored XSS Flaw in TP-Link WR841N Routers Could Expose Admin Credentials (CVE-2025-25427)

Next Article Zyxel Patches High-Severity Security Flaws in USG FLEX H Firewalls

Highlights

CVE-2025-5632 – Content-Management-System News-Buzz SQL Injection Vulnerability

June 5, 2025

CVE ID : CVE-2025-5632

Published : June 5, 2025, 4:15 a.m. | 2 hours, 41 minutes ago

Description : A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/users.php. The manipulation of the argument change_to_admin leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

CVE-2025-6719 – WordPress Terms Descriptions Stored Cross-Site Scripting Vulnerability

Why Denmark is breaking up with Microsoft

CVE-2025-34128 – X360 VideoPlayer Buffer Overflow Vulnerability

How to Use Motion Templates to Level Up Social Media Ads

CVE-2025-5632 – Content-Management-System News-Buzz SQL Injection Vulnerability

Lit.js: Building Fast, Lightweight, and Scalable Web Components

Unpatched XSS Vulnerability in Jenkins Gatling Plugin Puts Users at Risk (CVE-2025-5806)

CVE-2025-38229 – “DVB-USB cxusb Uninitialized Variable Write”

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Two Critical RCE Flaws Expose Yi IOT Smart Cameras to Full Device Takeover

Related Posts