CVE-2026-25508 ESP-IDF Has Memory Safety Vulnerabilities in BLE Provisioning
ESP-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.2, 5.4.3, 5.3.4, 5.2.6, and 5.1.6, an out-of-bounds read vulnerability was reported in the BLE ATT Prepare Write handling of the BLE provisioning transport (protocomm_ble). The issue can be triggered by a remote B...
EUVD-2022-48100
Malicious code in bioql PyPI...
EUVD-2024-46255
Malicious code in bioql PyPI...
PT-2025-26313 · Coros · Coros Pace 3
Name of the Vulnerable Software and Affected Versions: COROS PACE 3 devices versions through 3.0808.0 Description: An issue was discovered in the BLE implementation of the COROS smartwatch, which does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In this pairing metho...
CVE-2024-3077
A malicious BLE device can crash a BLE victim device by sending a malformed GATT packet...
CVE-2024-52325 ECOVACS robot lawnmowers and vacuums command injection
ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin over an unauthenticated BLE connection...
Silicon BLE Security Vulnerability
Silicon BLE is a low-power Bluetooth program from Silicon Corporation, USA. A security vulnerability exists in Silicon BLE versions 7.1.1 and earlier and 8.0.0, which stems from a denial of service condition in a single BLE peripheral device in a network when multiple centralized devices are...
CVE-2022-32505
An issue was discovered on certain Nuki Home Solutions devices. It is possible to send multiple malformed BLE packets to block some of the functionality and reboot the device. This affects Nuki Smart Lock 3.0 before 3.3.5 and Nuki Smart Lock 2.0 before 2.12.4...
PT-2023-20884 · Bluetens · BluetensQ
Name of the Vulnerable Software and Affected Versions: Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 Description: The issue allows attackers to perform Man-in-the-middle attacks in the BLE channel, enabling them to decrease or increase the intensity of the stimulator by...
CVE-2023-33383
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload...
CVE-2022-45191
An issue was discovered on Microchip RN4870 1.43 devices. An attacker within BLE radio range can cause a denial of service by sending a pair confirm message with wrong values...
CVE-2021-35951
fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows an Unauthenticated Remote attacker to send a malicious firmware update via BLE and brick the device...
CVE-2019-2102
In the Bluetooth Low Energy (BLE) specification, there is a provided example Long Term Key (LTK). If a BLE device were to use this as a hardcoded LTK, it is theoretically possible for a proximate attacker to remotely inject keystrokes on a paired Android host due to improperly used crypto. User...