56 matches found

EUVD
added 2026/03/17 6:30 p.m. (3 views)

EUVD-2026-12600

The GL-iNet Comet GL-RM1 KVM does not require authentication on the UART serial console. This attack requires physically opening the device and connecting to the UART pins...

CVSS: 7 | AI score: 5.8 | EPSS: 0.00332
Exploits: 0 | References: 4

EUVD
added 2026/02/26 7:35 p.m. (8 views)

EUVD-2026-8826

Fleet: Device lock PIN can be predicted if lock time is known...

CVSS: 4.1 | AI score: 5.2 | EPSS: 0.00124
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/26 12:0 a.m. (6 views)

PT-2026-22114

Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.80.1. Description: Fleet generates device lock and wipe PINs using a predictable algorithm based on the current Unix timestamp in affected versions. The PIN could potentially be derived if the approximate time the devic...

CVSS: 9.9 | AI score: 6.9 | EPSS: 0.22162
Exploits: 68 | References: 136

NVD
added 2026/02/05 5:16 p.m. (7 views)

CVE-2026-0714

A physical attack vulnerability exists in certain Moxa industrial computers using TPM-backed LUKS full-disk encryption on Moxa Industrial Linux 3, where the discrete TPM is connected to the CPU via an SPI bus. Exploitation requires invasive physical access, including opening the device and...

CVSS: 7 | EPSS: 0.00115
Exploits: 0 | References: 1

EUVD
added 2025/12/17 11:45 a.m. (4 views)

EUVD-2025-203887

A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...

CVSS: 8.4 | AI score: 6.1 | EPSS: 0.00399
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/15 5:44 p.m. (5 views)

CVE-2025-37138

An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an...

CVSS: 6.2 | AI score: 7.7 | EPSS: 0.00687
Exploits: 0 | References: 1

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2019-6856

Malware in sbrugna...

CVSS: 6.6 | AI score: 6.6 | EPSS: 0.00363
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. (3 views)

EUVD-2020-17399

Malware in sbrugna...

CVSS: 8.6 | AI score: 8.5 | EPSS: 0.01608
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. (4 views)

EUVD-2018-14743

Malware in sbrugna...

CVSS: 6.7 | AI score: 7 | EPSS: 0.00528
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. (3 views)

EUVD-2023-34997

Malicious code in bioql PyPI...

CVSS: 5.3 | AI score: 5.7 | EPSS: 0.00212
Exploits: 0 | References: 2

CVE
added 2025/08/06 1:17 a.m. (25 views)

CVE-2025-8631

CVE-2025-8631 – Kenwood DMX958XR firmware update command injection: The vulnerability exists in the firmware update process of Kenwood DMX958XR devices, caused by improper validation of a user-supplied string before a system call, allowing code execution with root privileges. Attack requires phy...

CVSS: 6.8 | AI score: 7 | EPSS: 0.00964
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/08/06 1:17 a.m. (9 views)

CVE-2025-8630 Kenwood DMX958XR Firmware Update Command Injection Vulnerability

Kenwood DMX958XR Firmware Update Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t...

CVSS: 6.8 | EPSS: 0.00964
Exploits: 0 | References: 1

Positive Technologies
added 2025/08/05 12:0 a.m. (7 views)

PT-2025-32049 · Kenwood · Kenwood Dmx958Xr

Name of the Vulnerable Software and Affected Versions: Kenwood DMX958XR affected versions not specified Description: This issue allows attackers with physical access to execute arbitrary code on affected Kenwood DMX958XR devices. The flaw resides in the firmware update process due to insufficient...

CVSS: 6.8 | AI score: 6.9 | EPSS: 0.00954
Exploits: 0 | References: 6

CVE
added 2025/06/25 6:1 p.m. (25 views)

CVE-2025-5829

Autel MaxiCharger AC Wallbox Commercial is affected by CVE-2025-5829. The issue is a stack-based buffer overflow in JSON message handling caused by insufficient validation of user-supplied data before copying to a fixed-length buffer, enabling remote code execution. Impact: requires physical acce...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.00295
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/06/11 9:15 a.m. (10 views)

CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

CVSS: 6.8 | EPSS: 0.00258
Exploits: 1 | References: 2

Zero Day Initiative
added 2025/06/11 12:0 a.m. (7 views)

(Pwn2Own) Autel MaxiCharger AC Wallbox Commercial autocharge Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Wallbox Commercial EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of JSON messages...

CVSS: 6.8 | AI score: 7.5 | EPSS: 0.00295
Exploits: 0

RedhatCVE
added 2025/05/22 3:23 p.m. (18 views)

CVE-2020-26200

A component of Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient check of their authenticity. This component is incorporated in Kaspersky Rescue Disk KRD and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security KES...

CVSS: 6.8 | AI score: 6.6 | EPSS: 0.00231
Exploits: 0

Cvelist
added 2025/05/14 12:0 a.m. (14 views)

CVE-2025-25370

An issue in realme GT 2 RMX3311 running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function...

EPSS: 0.00195
Exploits: 0 | References: 2

CVE
added 2025/04/23 4:48 p.m. (56 views)

CVE-2025-2763

CVE-2025-2763 concerns CarlinKit CPC200-CCPA devices where the update package handling over USB lacks proper cryptographic signature verification. The flaw allows physically present attackers to execute arbitrary code as root without authentication, via update packages, per ZDI and Red Hat/NVD/NV...

CVSS: 6.8 | AI score: 7 | EPSS: 0.00173
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/03/03 3:15 a.m. (10 views)

CVE-2025-20653

In da, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09291064; Issue I...

CVSS: 6.5 | EPSS: 0.00082
Exploits: 0 | References: 1