Filtered by vendor Restaurant Brands International
Subscriptions
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-62651 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 6.5 Medium |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 does not implement access control for the bathroom rating interface. | ||||
| CVE-2025-62642 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 5.8 Medium |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has an "Anyone Can Join This Party" signup API that does not verify user account creation, allowing a remote unauthenticated attacker to create a user account. | ||||
| CVE-2025-62647 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 5 Medium |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 provides the functionality of returning a JWT that can be used to call an API to return a signed AWS upload URL, for any store's path. | ||||
| CVE-2025-62650 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 8.3 High |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for use of the diagnostic screen. | ||||
| CVE-2025-62648 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 6.4 Medium |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to adjust Drive Thru speaker audio volume. | ||||
| CVE-2025-62645 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 9.9 Critical |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows a remote authenticated attacker to obtain a token with administrative privileges for the entire platform via the createToken GraphQL mutation. | ||||
| CVE-2025-62649 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 5.8 Medium |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 relies on client-side authentication for submission of equipment orders. | ||||
| CVE-2025-62643 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 3.4 Low |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages. | ||||
| CVE-2025-62646 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 5 Medium |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers. | ||||
| CVE-2025-62644 | 1 Restaurant Brands International | 1 Assistant Platform | 2025-10-21 | 5 Medium |
| The Restaurant Brands International (RBI) assistant platform through 2025-09-06 has a Global Store Directory that shares personal information among authenticated users. | ||||
Page 1 of 1.