34 matches found
CVE-2026-37100
An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio range to connect without authentication via the Sound Bar Remote protocol...
CVE-2026-4272
Missing Authentication for Critical Function vulnerability in Honeywell Handheld Scanners allows Authentication Abuse. This issue affects Handheld Scanners: from C1 BaseIngenic x1000 before GK000432BAA, from D1 BaseIngenic x1600 before HE000085BAA, from A1/B1 BaseIMX25 before...
CVE-2024-2105
An unauthorised attacker within Bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...
CVE-2024-2105 JBL: Improper validation of ICM field in connection requests
An unauthorised attacker within Bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...
EUVD-2024-27069
An unauthorised attacker within Bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...
CVE-2024-2105
CVE-2024-2105 concerns JBL Bluetooth audio devices where an unauthorised nearby attacker can trigger a deadlock during BLE connection requests due to improper validation of the ICM field. Related records reference JBL products but do not disclose exact affected versions, exploit details, or remed...
PT-2025-50324
An unauthorised attacker within Bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices...
EUVD-2025-26393
Malicious code in bioql PyPI...
CVE-2025-41690
A low-privileged attacker in Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This vulnerability could allow the Operator to authenticate as the Maintenance user, thereby gaining unauthorized access to sensitive...
CVE-2025-41690
Endress+Hauser Proline 10 maintenance credentials exposure via Bluetooth: a low-privilege attacker within Bluetooth range can view the device event log and access the Maintenance password, enabling authentication as Maintenance and unauthorized access to configuration settings. Documented impact ...
PT-2025-35545
Name of the Vulnerable Software and Affected Versions: Endress+Hauser Promag 10 versions (affected versions not specified). Description: A low-privileged attacker within Bluetooth range may be able to access the password of a higher-privilege user (Maintenance) by viewing the device’s event log. This...
PT-2025-35584
Name of the Vulnerable Software and Affected Versions: SunPower PVS6 (affected versions not specified). Description: The SunPower PVS6’s BluetoothLE interface is vulnerable due to the use of hardcoded encryption parameters and publicly accessible protocol details. An attacker within Bluetooth range...
CVE-2025-55031
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability affects...
CVE-2025-55031 Passkey phishing within Bluetooth range
Malicious pages could use Firefox for iOS to pass FIDO: links to the OS and trigger the hybrid passkey transport. An attacker within Bluetooth range could have used this to trick the user into using their passkey to log the attacker's computer into the target account. This vulnerability was fixed...
PT-2025-33876 · Mozilla · Focus For Ios +1
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 142; Focus for iOS versions prior to 142. Description: Malicious pages could exploit Firefox for iOS to pass FIDO links to the operating system, triggering the hybrid passkey transport. An attacker within...
CVE-2025-32876
An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE Legacy Pairing, the Short-Term Key (STK) can be easily guessed. This requires knowledge of the...
CVE-2024-27867
An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...