171 matches found
PT-2025-25421 · Unknown · Cyclone Matrix Trf Smart Keyless Entry System
Name of the Vulnerable Software and Affected Versions: Cyclone Matrix TRF Smart Keyless Entry System versions affected versions not specified Description: The issue concerns the use of fixed learning codes in the Key Fob Transmitter, which allows a replay attack. Research was completed on the 202...
PT-2025-25420 · Unknown · Kia-Branded Aftermarket Generic Smart Keyless Entry System
Name of the Vulnerable Software and Affected Versions: KIA-branded Aftermarket Generic Smart Keyless Entry System versions 2022 through 2025 Description: The issue is related to the use of fixed learning codes in the Key Fob Transmitter, which allows a replay attack. This affects KIA vehicles in...
KIA Aftermarket Generic Smart Keyless Entry System 安全漏洞
KIA Aftermarket Generic Smart Keyless Entry System is an automotive smart door locking system from KIA, a South Korean company. A security vulnerability exists in the KIA Aftermarket Generic Smart Keyless Entry System that stems from the use of fixed learning code, which could lead to replay...
CVE-2024-54140
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
CVE-2023-50128
The remote keyless system of the Hozard alarm system alarmsystemen v1.0 sends an identical radio frequency signal for each request, which results in an attacker being able to conduct replay attacks to bring the alarm system to a disarmed state...
CVE-2023-26943
Weak encryption mechanisms in RFID Tags in Yale Keyless Lock v1.0 allows attackers to create a cloned tag via physical proximity to the original...
CVE-2022-37305
The Remote Keyless Entry RKE receiving unit on certain Honda vehicles through 2018 allows remote attackers to perform unlock operations and force a resynchronization after capturing five consecutive valid RKE signals over the radio, aka a RollBack attack. The attacker retains the ability to unloc...
CVE-2022-36945
The Remote Keyless Entry RKE receiving unit on certain Mazda vehicles through 2020 allows remote attackers to perform unlock operations and force a resynchronization after capturing three consecutive valid key-fob signals over the radio, aka a RollBack attack. The attacker retains the ability to...
SoK: Stealing Cars since Remote Keyless Entry Introduction and How to Defend from It
Remote Keyless Entry RKE systems have been the target of thieves since their introduction in automotive industry. Robberies targeting vehicles and their remote entry systems are booming again without a significant advancement from the industrial sector being able to protect against them...
CVE-2025-29778
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...
SUSE CVE-2025-29778
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...
CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...
CVE-2025-29778 Kyverno ignores subjectRegExp and IssuerRegExp
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...
Kyverno 授权问题漏洞
Kyverno is a policy engine designed for Kubernetes that is open sourced by Kyverno. An authorization issue vulnerability exists in versions prior to Kyverno 1.14.0-alpha.1 that stems from ignoring subjectRegExp and IssuerRegExp when verifying artifact signatures in keyless mode, which could lead ...
PT-2025-12664 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.14.0-alpha.1 Description: Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores the subjectRegExp and issuerRegExp fields when verifying...
CVE-2024-54140 sigstore-java has a vulnerability with bundle verification
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify. Currently...
PT-2024-36069 · Unknown · Sigstore-Java
Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to 1.2.0 Description: The issue is related to insufficient verification for a situation where a bundle provides an invalid signature for a checkpoint. This affects clients using any variation of...
CVE-2024-53267 Vulnerability with bundle verification in sigstore-java
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. This bug impacts clients using any variation...
PT-2024-35702 · Unknown · Sigstore-Java
Name of the Vulnerable Software and Affected Versions: sigstore-java versions prior to v1.1.0 Description: The issue is related to insufficient verification in sigstore-java for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log...
Teslas Can Still Be Stolen With a Cheap Radio Hack—Despite New Keyless Tech
Ultra-wideband radio has been heralded as the solution for “relay attacks” that are used to steal cars in seconds. But researchers found Teslas equipped with it are as vulnerable as ever...