Vulmon
iii vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-28897
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
Skoda-auto Superb 3 Firmware 2022
5.3
CVSSv3
CVE-2023-28898
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system,...
Skoda-auto Superb 3 Firmware 2022
6.1
CVSSv3
CVE-2024-22075
Firefly III (aka firefly-iii) prior to 6.1.1 allows webhooks HTML Injection.
Firefly-iii Firefly Iii
6.8
CVSSv3
CVE-2023-28895
The password for access to the debugging console of the PoWer Controller chip (PWC) of the MIB3 infotainment is hard-coded in the firmware. The console allows attackers with physical access to the MIB3 unit to gain full control over the PWC chip. Vulnerability found on Ško...
Preh Mib3 Firmware
2.4
CVSSv3
CVE-2023-28896
Access to critical Unified Diagnostics Services (UDS) of the Modular Infotainment Platform 3 (MIB3) infotainment is transmitted via Controller Area Network (CAN) bus in a form that can be easily decoded by attackers with physical access to the vehicle. Vulnerability discovered on...
Preh Mib3 Firmware
9.8
CVSSv3
CVE-2023-1788
Insufficient Session Expiration in GitHub repository firefly-iii/firefly-iii before 6.
Firefly-iii Firefly Iii
Firefly-iii Firefly Iii 6.0.0
9.8
CVSSv3
CVE-2023-1789
Improper Input Validation in GitHub repository firefly-iii/firefly-iii before 6.0.0.
Firefly-iii Firefly Iii 6.0.0
Firefly-iii Firefly Iii 5.8.0
Firefly-iii Firefly Iii
4.6
CVSSv3
CVE-2022-40633
A malicious actor can clone access cards used to open control cabinets secured with Rittal CMC III locks.
Rittal Cmc Iii Firmware
6.5
CVSSv3
CVE-2023-0298
Incorrect Authorization in GitHub repository firefly-iii/firefly-iii before 5.8.0.
Firefly-iii Firefly Iii
8.8
CVSSv3
CVE-2022-24125
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote malicious users to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machin...
Fromsoftware Dark Souls Iii
1 Github repository