15 matches found
CVE-2026-1354
Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...
Exploit for CVE-2020-98765
FirmwareForge - Advanced Firmware & Hardware Exploitation Tool...
EUVD-2016-7485
Malware in sbrugna...
EUVD-2019-7050
Malware in sbrugna...
CVE-2025-30199
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...
CVE-2025-30199
ECOVACS vacuum robot base stations are described as not validating firmware updates and operating over an insecure Wi‑Fi link with a deterministic WPA2‑PSK key that can be derived from the device serial number. This enables potential malicious over‑the‑air updates or code execution through the up...
CVE-2025-30199 ECOVACS Vacuum and Base Station accept unsigned firmware
ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...
Leaked Android Platform Certificates Create Risks for Users
On November 30, 2022, a Google apvi report from Łukasz Siewierski initially filed on November 11, 2022 was made public. The report contained 10 different platform certificates and malware sample SHA256 sums where the malware sample had been signed by a platform certificate — the application signi...
Five Critical Android Bugs Patched, Part of Feb. Security Bulletin
Google patched five critical bugs in its Android operating system as part of its February Security Bulletin. Two of the flaws were remote code execution vulnerabilities found within the Android media framework and system. Three additional critical Qualcomm bugs were reported by Google and patched...
Google Patches 11 Critical RCE Android Vulnerabilities
Remote code-execution RCE vulnerabilities dominated Google’s December Android Security Bulletin. The flaws are part of a total of 53 unique bugs patched by the Android security team, with a total number of 11 critical bugs – six of which are RCE flaws tied to the operating system’s Media Framewor...
Google Patches Critical Vulnerabilities in Android OS
Google patched six critical remote code execution flaws in its Android operating system as part of its October Android Security Bulletin. Four of those remote code execution flaws are tied to Android’s Media framework and impact a wide range of Android devices including Google’s Pixel and Nexus...
Google Patches 10 Critical Bugs in August Android Security Bulletin
Google patched 10 critical remote code execution bugs in its August Android Security Bulletin issued Monday. It warned the most severe RCE vulnerabilities could enable a remote attacker, using a specially crafted file, to execute arbitrary code within the context of a privileged process. The...
flash-plugin: multiple code execution issues fixed in APSB16-08
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a deni...
Samsung's Swift Keyboard Update Mechanism Exposes 600M Devices
The Swift keyboard, installed by default on Samsung Android mobiles, exposes devices to a host of remote attacks that could be executed by attackers ranging from criminals sitting man-in-the-middle on local Wi-Fi networks, to a state actor in an upstream position at an ISP or backbone. NowSecure...
CoolReaper Backdoor Found On CoolPad Android Mobile Devices
A popular Android smartphone sold primarily in China and Taiwan but also available worldwide, contains a backdoor from the manufacturer that is being used to push pop-up advertisements and install apps without users’ consent. The Coolpad devices, however, are ripe for much more malicious abuse,...