CVE-2026-3558
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. Th...
CVE-2026-3558 Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. Th...
(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Transient Pairing Mode Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the HomeKit Accessory Protocol service, which listens o...
PT-2026-23777
Name of the Vulnerable Software and Affected Versions: Philips Hue Bridge (affected versions not specified). Description: A security issue exists in the Philips Hue Bridge related to the HomeKit Accessory Protocol. Specifically, a static nonce authentication bypass is possible. This allows an attacker...
(Pwn2Own) Philips Hue Bridge HomeKit Accessory Protocol Static Nonce Authentication Bypass Vulnerability
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Philips Hue Bridge. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of the SRP authentication mechanism in the HomeKit Accesso...
CVE-2019-25264
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users...
Cross-site Scripting (XSS)
Overview: snipe/snipe-it is an asset management system built on Laravel. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the Accessory Checkout "Notes" field. An attacker can execute arbitrary JavaScript code in the context of an administrator's session by injectin...
EUVD-2021-12332
Malware in sbrugna...
EUVD-2017-1151
Malware in sbrugna...
EUVD-2017-1149
Malware in sbrugna...
EUVD-2022-27733
Malicious code in bioql PyPI...
EUVD-2025-29350
Malicious code in bioql PyPI...
CVE-2022-22588
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service...
CVE-2021-25436
Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol...
Certain HP Enterprise LaserJet, HP LaserJet Managed Printers – Potential Denial of Service
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service when using a wireless accessory connected to devices running Linux. Update your printer firmware...
Session fixation
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic...
CVE-2024-0230
A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic...
PT-2023-17974 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android version Android-13. Description: A logic error in the code of UsbAccessoryUriActivity.java allows for a possible way to escape the Setup Wizard. This could lead to local escalation of privilege with no additional execution privileges...
Google Android elevation of privilege vulnerability (CNVD-2023-55367)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which stems from a lack of bounds checking in acc_ctrlrequest_composite of the f_accessory.c component, which can be exploited by an attacker to elevate...