CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added yesterday•10 views

CVE-2026-10651

The CVE-2026-10651 affects Zephyr’s Bluetooth Classic SDP parser (subsys/bluetooth/host/classic/sdp.c) where bt_sdp_parse_attribute() reads a 3-byte attribute (1-byte type, 2-byte id) but then unconditionally pulls an extra value type byte without verifying remaining length. A truncated 3-byte at...

7.1CVSS6AI score

NVD•added yesterday•8 views

CVE-2025-4994

The SafeLine SL6 and SL6+ devices integrated into elevator emergency intercom systems are vulnerable to an authentication bypass. This vulnerability allows attackers to bypass authentication requirements and access the device's configuration service via the Bluetooth Low Energy BLE interface...

8.7CVSS

CVE•added yesterday•12 views

CVE-2025-4994

CVE-2025-4994 affects SafeLine SL6 and SL6+ devices used in elevator emergency intercoms. A BLE-facing authentication bypass allows an attacker within wireless range to obtain unauthorized administrative access to the device configuration. Documented impact includes high affects on confidentialit...

8.7CVSS5.9AI score

ATTACKERKB•added yesterday•4 views

CVE-2025-4994

8.7CVSS5.9AI score

Exploits0References2Affected Software1

EUVD•added yesterday•5 views

EUVD-2025-210297

8.7CVSS5.9AI score

Cvelist•added yesterday•19 views

CVE-2025-4994 Authentication Bypass for SafeLine SL6 and SL6+

8.7CVSS

RedHat Linux•added 3 days ago•7 views

kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync

A flaw was found in the Linux kernel's Bluetooth Host Controller Interface HCI synchronization. A local user could trigger a stack buffer overflow by binding a specific type of Bluetooth socket with an excessive number of Bluetooth Isochronous Stream BIS entries. This memory corruption can lead t...

7.8CVSS7.3AI score0.00142EPSS

Exploits0References5

RedHat Linux•added 3 days ago•6 views

kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

A flaw was found in the Linux kernel's Bluetooth subsystem. This vulnerability, a Use-After-Free UAF, exists within the Secure Simple Pairing SSP passkey handlers. It occurs when hciconn lookup and field access are performed without proper locking, allowing a connection to be freed concurrently...

8.8CVSS6AI score0.00266EPSS

Exploits0References5

Malwarebytes•added 4 days ago•5 views

Apple patches Beats Studio Buds flaw that could turn earbuds into a wiretap

Apple has patched a Bluetooth flaw in Beats Studio Buds that could potentially turn your earbuds into a nearby wiretap. When you buy a pair of Bluetooth earbuds, you expect them to play your music and your calls—not someone else’s. But a vulnerability in Apple’s Beats Studio Buds shows how that...

8.8CVSS6AI score0.04298EPSS

Exploits0

NVD•added 4 days ago•5 views

CVE-2026-52866

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection...

NVD•added 4 days ago•5 views

CVE-2026-50034

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values...

CVE•added 5 days ago•23 views

CVE-2026-50034

The CVE-2026-50034 entry concerns Apollo Pharmacy’s APG-01 BT Blood Glucose Monitoring System. Affected component: the device’s BLE wireless channel, where the root cause is cleartext transmission of sensitive health data. An attacker inside BLE range can passively eavesdrop traffic, potentially ...

7.1CVSS5.2AI score

Cvelist•added 5 days ago•33 views

CVE-2026-50034 Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Cleartext Transmission of Sensitive Information

An attacker within BLE communication range can passively intercept wireless traffic and obtain sensitive health-related information, including glucose measurement values...

Cvelist•added 5 days ago•30 views

CVE-2026-52866 Apollo Pharmacy Blood Glucose Monitoring System APG-01 BT Missing Authorization

An attacker within BLE communication range can monopolize the device's only available BLE connection slot, preventing legitimate users or applications from establishing a connection...

CVE•added 5 days ago•30 views

CVE-2026-52866

The CVE-2026-52866 entry concerns the Apollo Pharmacy Blood Glucose Monitoring System APG-01 with BT lacking authorization in BLE. The connected docs provide concrete details: an attacker in BLE range can monopolize the device’s only available BLE connection slot, blocking legitimate users/applic...

7.1CVSS5.2AI score

NVD•added 6 days ago•6 views

CVE-2026-10641

Zephyr's Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser subsys/bluetooth/host/classic/hfphf.c contains an out-of-bounds write. During Service Level Connection setup the HF sends AT+CIND=? and parses the AG's +CIND: response in cindhandle, which assigns a per-entry counter index a...

7.1CVSS0.00175EPSS

Cvelist•added 6 days ago•11 views

CVE-2026-10641 Out-of-bounds write in Bluetooth HFP Hands-Free CIND indicator parsing (cind_handle_values)

7.1CVSS0.00175EPSS

CVE•added 6 days ago•10 views

CVE-2026-10641

Zephyr Bluetooth Classic HFP HF CIND parser (subsys/bluetooth/host/classic/hfp_hf.c) contains an out-of-bounds write during +CIND=?/+CIND: handling. cind_handle_values() writes hf-ind_table[index] = i without verifying index is within the 20-element int8_t ind_table[]. A remote attacker could sen...

7.1CVSS5.5AI score0.00175EPSS

EUVD•added 6 days ago•8 views

EUVD-2026-37702

7.1CVSS5.5AI score0.00175EPSS