CVE-2026-0045

In btajvrfcommconnect of btajvact.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-45570

In bta jv rfcomm connect of bta jv act.cc, there is a possible bypass of bonding for a secure connection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-32875

The CVE-2025-32875 entry concerns the COROS Android app (versions up to 3.8.12). The root issue is that Bluetooth pairing and bonding are neither initiated nor enforced by the app, and the watch also does not enforce them. Consequently, BLE data remains unencrypted, enabling attackers within Blue...

CVE-2021-3436

BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions = 1.14.2, = 2.4.0, = 2.5.0 contain Use of Multiple Resources with Duplicate Identifier CWE-694. For more information, see...