566 matches found
CVE-2025-48563
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48563
CVE-2025-48563 covers an elevation-of-privilege flaw in Android caused by an insecure default value in onNullBinding of RemoteFillService.java. The issue can trigger a background activity launch without extra privileges or user interaction, enabling local privilege escalation. Public references c...
CVE-2025-32330
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...
CVE-2025-32330
CVE-2025-32330 : The issue is in generateRandomPassword of LocalBluetoothLeBroadcast.java, where an insecure default value can allow a nearby attacker to intercept the Auracast audio stream, causing remote information disclosure without extra privileges or user interaction. The connected document...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an information disclosure vulnerability caused by an insecure default value flaw in the generateRandomPassword function in LocalBluetoothLeBroadcast.java. An attacker can exploit the leak to obtai...
PT-2025-36082
Name of the Vulnerable Software and Affected Versions: RemoteFillService.java affected versions not specified Description: The RemoteFillService.java component contains a flaw in the onNullBinding function related to an insecure default value. This can result in unauthorized background activity...
PT-2025-36040
Name of the Vulnerable Software and Affected Versions: LocalBluetoothLeBroadcast.java affected versions not specified Description: An issue exists in the generateRandomPassword function of LocalBluetoothLeBroadcast.java that may allow interception of the Auracast audio stream due to an insecure...
ASB-A-389127608
In generateRandomPassword of LocalBluetoothLeBroadcast.java, there is a possible way to intercept the Auracast audio stream due to an insecure default value. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not...
ASB-A-401545800
In onNullBinding of RemoteFillService.java, there is a possible background activity launch due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
DASAN H660WM Security Vulnerability
DASAN H660WM is an optical network terminal from DASAN, Korea. A security vulnerability exists in the DASAN H660WM H660WMR210825 version, which stems from the presence of insecure default credentials...
CVE-2025-29521
Insecure default credentials for the Administrator account of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allow attackers to escalate privileges via a brute-force attack...
PT-2025-34655 · D Link · Dsl-7740C
Name of the Vulnerable Software and Affected Versions: D-Link DSL-7740C version DSL7740C.V6.TR069.20211230 Description: The device uses insecure default credentials for the Administrator account, potentially allowing attackers to escalate privileges through a brute-force attack. Recommendations:...
CVE-2025-26470
Incorrect default permissions for some Intel(R) Distribution for Python software installers before version 2025.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access...
osCommerce Online Merchant Security Vulnerability
osCommerce Online Merchant is an e-commerce platform from osCommerce Open Source. A security vulnerability exists in osCommerce Online Merchant version 2.3.4.1, which stems from an insecure default configuration that could lead to remote code execution...
PHOENIX CONTACT CHARX SEC Security Vulnerability
PHOENIX CONTACT CHARX SEC is a series of AC charging controllers from PHOENIX CONTACT, Germany. A security vulnerability exists in the PHOENIX CONTACT CHARX SEC that originates from an unauthenticated neighboring attacker being able to configure a new OCPP backend due to the configuration interfa...
TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability
TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI...
CVE-2025-41438 Consilium Safety CS5000 Fire Panel Initialization of a Resource with an Insecure Default
The CS5000 Fire Panel is vulnerable due to a default account that exists on the panel. Even though it is possible to change this by SSHing into the device, it has remained unchanged on every installed system observed. This account is not root but holds high-level permissions that could severely...
CVE-2025-41438
CVE-2025-41438 affects the Consilium Safety CS5000 Fire Panel. The vulnerability stems from a default account with high-level permissions that remains unchanged across installations, and a hard-coded VNC password embedded in the binary, enabling remote access if network access exists. Affected sy...
CVE-2024-20056
In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185...