CVE-2026-31692

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...

CVE-2026-31692

In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlinknscapable check for peer netns rtnlnewlink lacks a CAPNETADMIN capability check on the peer network namespace when creating paired devices veth, vxcan, netkit. This allows an unprivileged user with a...

CVE-2026-31692

In The Linux kernel, CVE-2026-31692 affects the rtnetlink path: the peer namespace CAP_NET_ADMIN check is missing in rtnl_newlink() when creating paired devices (e.g., veth, vxcan, netkit). This enables an unprivileged user with a user namespace to create interfaces in arbitrary network namespace...

EUVD-2026-25336

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...

CVE-2026-41352

OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials can execute arbitrary node commands on the host system without proper node pairing validation...

CVE-2026-28526

BlueKitchen BTstack versions prior to 1.8.1 contain an out-of-bounds read vulnerability in the AVRCP Controller LISTPLAYERAPPLICATIONSETTINGATTRIBUTES and LISTPLAYERAPPLICATIONSETTINGVALUES handlers that allows attackers to read beyond buffer boundaries. A nearby attacker with a paired Bluetooth...

CVE-2026-32922

OpenClaw prior to 2026.3.11 contains a privilege escalation in device.token.rotate that allows callers with operator.pairing scope to mint tokens with broader scopes than their own. The root cause is failure to constrain newly minted scopes to the caller’s current scope set. Attackers can obtain ...

EUVD-2023-25283

Malicious code in bioql PyPI...

Google Android 安全漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to cause an elevation of privilege on a paired device...

PT-2025-36029

Name of the Vulnerable Software and Affected Versions: avrc opt.cc affected versions not specified Description: An out-of-bounds write due to a heap buffer overflow exists in the avrc vendor msg function of avrc opt.cc. This issue could lead to escalation of privilege on a paired device without...

CVE-2023-21307

In Bluetooth, there is a possible way for a paired Bluetooth device to access a long term identifier for an Android device due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation...

PT-2024-23863 · Sunshine · Sunshine

Name of the Vulnerable Software and Affected Versions: Sunshine versions 0.10.0 through 0.22.x Description: The issue affects Sunshine, a self-hosted game stream host for Moonlight. After unpairing all devices in the web UI interface and then pairing only one device, all of the previously paired...

Out-of-bounds

In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-27964

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 5E133. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in Bluetooth range might be able to spoof the intended source...

Google Android 加密问题漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an encryption problem vulnerability that can be exploited by an attacker to cause elevated privileges on paired devices...

CVE-2021-1037

The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. This lets apps keep track of what devices are paired without requesting BLUETOOTH permissions.Product: AndroidVersions: Android-10 Android-11...

PT-2022-9144 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions 9 through 12 Description: The issue concerns a broadcast sent by DevicePickerFragment when a new device is paired, lacking permission checks. This allows any app to register and listen for the broadcast, enabling them to trac...

Bluetooth Impersonation Attacks Affect Legions of Devices

Academic researchers have uncovered security vulnerabilities in Bluetooth Classic that allows attackers to spoof paired devices: They found that the bugs allow an attacker to insert a rogue device into an established Bluetooth pairing, masquerading as a trusted endpoint. This allows attackers to...

Apple OS X Bluetooth Security Bypass Vulnerability

Apple OS X is a BSD-based operating system distributed by Apple. A security vulnerability exists in the Apple OS X Bluetooth module, which allows applications to exploit the vulnerability to access the Notification Center of a paired Bluetooth MAC or iOS device...