6.9
CVE-2025-3654 - Petlibro Smart Pet Feeder Platform through 1.7.31 Information Disclosure via API endpoint
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRela…
6.9
CVE-2025-3653 - Petlibro Smart Pet Feeder through 1.7.31 Platform Improper Access Control via API endpoint
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control …
6.9
CVE-2025-3652 - Petlibro Smart Pet Feeder Platform through 1.7.31 Audio Information Disclosure via API endpoint
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arb…
6.9
CVE-2025-3646 - Petlibro Smart Pet Feeder Platform through 1.7.31 Authorization Bypass via Device Share API
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access…
6.9
CVE-2025-15115 - Petlibro Smart Pet Feeder Platform through 1.7.31 Authentication Bypass via API endpoint
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contain an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin wit…
5.3
CVE-2026-21484 - AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling u…
8.7
CVE-2025-64124 - Nuvation Energy Multi-Stack Controller OS Command Injection
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows OS Command Injection. This issue affects Multi-Stack Controller (MSC): before 2.5.1.
9.4
CVE-2025-64125 - Nuvation Energy nCloud Client-to-Client Communication
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging. This issue affected the nCloud VPN Service and was fixed on 2025-12-1 (December, 2025). End users do not have to take any action to mitigate the issue.
7.9
CVE-2025-64123 - Nuvation Energy Multi-Stack Controller Proxy service allows arbitrary BMS access
Unintended Proxy or Intermediary vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Network Boundary Bridging. This issue affects Multi-Stack Controller (MSC): through and including release 2.5.1.
7.2
CVE-2025-64122 - Nuvation Energy Multi-Stack Controller Private Key Stored on Device
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) allows Signature Spoofing by Key Theft. This issue affects Multi-Stack Controller (MSC): through 2.5.1.