Filtered by vendor Rbi
Subscribe
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-62647 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 5.0 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path. | |||||
| CVE-2025-62648 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 6.4 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume. | |||||
| CVE-2025-62649 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 5.8 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders. | |||||
| CVE-2025-62650 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 8.3 HIGH |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen. | |||||
| CVE-2025-62651 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-31 | N/A | 6.5 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface. | |||||
| CVE-2025-62642 | 1 Rbi | 1 Restaurant Brands International Assistant | 2025-10-28 | N/A | 5.8 MEDIUM |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account. | |||||