| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-11649 | Tomofun Furbo 360/Furbo Mini Root Account hard-coded password | Tomofun | Furbo 360 | High | 7.0 | 2025-10-12 22:32:06 | Deep Dive |
| CVE-2025-11648 | Tomofun Furbo 360/Furbo Mini GATT Interface URL TF_FQDN.json server-side request forgery | Tomofun | Furbo 360 | Medium | 5.6 | 2025-10-12 22:02:06 | Deep Dive |
| CVE-2025-11647 | Tomofun Furbo 360/Furbo Mini GATT Service information disclosure | Tomofun | Furbo 360 | Low | 3.1 | 2025-10-12 21:32:06 | Deep Dive |
| CVE-2025-11646 | Tomofun Furbo 360/Furbo Mini GATT Service access control | Tomofun | Furbo 360 | Medium | 6.3 | 2025-10-12 21:02:05 | Deep Dive |
| CVE-2025-11644 | Tomofun Furbo 360/Furbo Mini UART sensitive information | Tomofun | Furbo 360 | Low | 2.0 | 2025-10-12 20:02:06 | Deep Dive |
| CVE-2025-11643 | Tomofun Furbo 360/Furbo Mini MQTT Client Certificate furbo_img hard-coded credentials | Tomofun | Furbo 360 | Low | 3.7 | 2025-10-12 19:32:06 | Deep Dive |
| CVE-2025-11642 | Tomofun Furbo 360/Furbo Mini Registration denial of service | Tomofun | Furbo 360 | Medium | 4.0 | 2025-10-12 19:02:05 | Deep Dive |
| CVE-2025-11641 | Tomofun Furbo 360/Furbo Mini Trial Restriction access control | Tomofun | Furbo 360 | Low | 3.9 | 2025-10-12 18:32:05 | Deep Dive |
| CVE-2025-11640 | Tomofun Furbo 360/Furbo Mini Bluetooth Low Energy cleartext transmission | Tomofun | Furbo 360 | Low | 3.1 | 2025-10-12 18:02:05 | Deep Dive |
| CVE-2025-11639 | Tomofun Furbo 360/Furbo Mini Debug Log S3 Bucket collect_logs.sh sensitive information | Tomofun | Furbo 360 | Low | 3.3 | 2025-10-12 17:32:05 | Deep Dive |
| CVE-2025-11638 | Tomofun Furbo 360/Furbo Mini Bluetooth denial of service | Tomofun | Furbo 360 | Medium | 4.3 | 2025-10-12 17:02:05 | Deep Dive |
| CVE-2025-11634 | Tomofun Furbo 360/Furbo Mini UART information disclosure | Tomofun | Furbo 360 | Low | 2.4 | 2025-10-12 12:32:05 | Deep Dive |
| CVE-2025-11633 | Tomofun Furbo 360/Furbo Mini HTTP Traffic collect_logs.sh upload_file_to_s3 certificate validation | Tomofun | Furbo 360 | Low | 3.7 | 2025-10-12 12:02:05 | Deep Dive |
| CVE-2025-11408 | D-Link DI-7001 MINI dbsrv.asp buffer overflow | D-Link | DI-7001 MINI | High | 8.8 | 2025-10-07 20:32:06 | Deep Dive |
| CVE-2025-11407 | D-Link DI-7001 MINI upgrade_filter.asp os command injection | D-Link | DI-7001 MINI | Medium | 6.3 | 2025-10-07 20:02:06 | Deep Dive |
| CVE-2025-10250 | DJI Mavic Spark/Mavic Air/Mavic Mini Telemetry Channel hard-coded key | DJI | Mavic Spark | Medium | 5.0 | 2025-09-11 11:32:06 | Deep Dive |
| CVE-2025-7202 | Cross-Site Request Forgery (CSRF) allowed remote control of Elgato Key Lights | Elgato | Key Light | - | - | 2025-08-06 08:28:23 | Deep Dive |
| CVE-2025-41681 | Persistent Cross-Site Scripting via POST Requests Due to Improper Neutralization of Input | MB connect line | mbNET.mini | Medium | 4.8 | 2025-07-21 09:31:26 | Deep Dive |
| CVE-2025-41679 | Unauthenticated Buffer Overflow in Conftool Service Leading to Denial of Service | MB connect line | mbNET.mini | Medium | 5.3 | 2025-07-21 09:31:05 | Deep Dive |
| CVE-2025-41678 | SQL Injection via POST Requests Allowing Configuration Database Manipulation | MB connect line | mbNET.mini | Medium | 6.5 | 2025-07-21 09:30:44 | Deep Dive |