SEC Consult Vulnerability Lab discovered a critical code injection vulnerability (CVE-2020-6262) with a CVSSv3 Score of 9.9 in SAP® Service Data Download (a part of the SAP® Solution Manager Plugin ST-PI).
The German government-issued identity card (nPA) allows German citizens to not only prove their identity in person, but also against online services (by using the embedded RFID chip). SEC Consult conducted a short security test on a software component commonly used to implement this authentication mechanism.
Baby monitors serve an important purpose in securing and monitoring our loved ones. An estimated 52k user accounts and video baby monitors are affected by a number of critical security vulnerabilities in "miSafes" video monitor products.
The security status of sex toys is not only relevant technology wise, but much more so regarding data protection and privacy. In the case of the "Vibratissimo Panty Buster", the database containing explicit images, chat logs, sexual orientation, email addresses, passwords in clear text etc. was basically readable for everyone on the Internet...