56 matches found
EUVD-2026-12600
The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...
EUVD-2026-8826
Fleet: Device lock PIN can be predicted if lock time is known...
PT-2026-22114
Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.80.1. Description: Fleet generates device lock and wipe PINs using a predictable algorithm based on the current Unix timestamp in affected versions. The PIN could potentially be derived if the approximate time the devic...
CVE-2026-0714
A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...
EUVD-2025-203887
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...
CVE-2025-37138
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an...
EUVD-2019-6856
Malware in sbrugna...
EUVD-2020-17399
Malware in sbrugna...
EUVD-2018-14743
Malware in sbrugna...
EUVD-2023-34997
Malicious code in bioql PyPI...
CVE-2025-8631
CVE-2025-8631 – Kenwood DMX958XR firmware update command injection: The vulnerability exists in the firmware update process of Kenwood DMX958XR devices, caused by improper validation of a user-supplied string before a system call, allowing code execution with root privileges. Attack requires phy...
CVE-2025-8630 Kenwood DMX958XR Firmware Update Command Injection Vulnerability
Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...
PT-2025-32049 · Kenwood · Kenwood DMX958XR
Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR, affected versions not specified. Description: This issue allows attackers with physical access to execute arbitrary code on affected Kenwood DMX958XR devices. The flaw resides in the firmware update process due to insufficient...
CVE-2025-5829
Autel MaxiCharger AC Wallbox Commercial is affected by CVE-2025-5829. The issue is a stack-based buffer overflow in JSON message handling caused by insufficient validation of user-supplied data before copying to a fixed-length buffer, enabling remote code execution. Impact: requires physical acce...
CVE-2025-26412
The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...
(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON messages...
CVE-2020-26200
A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES)...
CVE-2025-25370
An issue in realme GT 2 RMX3311 running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function...
CVE-2025-2763
CVE-2025-2763 concerns CarlinKit CPC200-CCPA devices where the update package handling over USB lacks proper cryptographic signature verification. The flaw allows physically present attackers to execute arbitrary code as root without authentication, via update packages, per ZDI and Red Hat/NVD/NV...
CVE-2025-20653
In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue I...