Lucene search
K

55 matches found

CVE
CVE
added 2023/12/07 12:0 a.m.46 views

CVE-2023-46916

CVE-2023-46916 affects Maxima Max Pro Power 1.0 486A watches. The BLE threat is a replay at GATT handle 0x0012, enabling unauthorized actions such as starting/changing the heart‑rate monitor and related display/notification changes. Public exploit notes describe unauthenticated access demonstrati...

4.3CVSS4.6AI score0.00511EPSS
Exploits4References2Affected Software1
Packet Storm
Packet Storm
added 2023/11/13 12:0 a.m.326 views

Maxima Max Pro Power 1.0 486A BLE Traffic Replay

Exploit Title: Maxima Max Pro Power - BLE Traffic Replay Unauthenticated Date: 13-Nov-2023 Exploit Author: Alok kumar [email protected], Cyberpwn Technologies Pvt. Ltd. Vendor Homepage: https://www.maximawatches.com Product Link: https://www.maximawatches.com/products/max-pro-power Firmware...

7.4AI score0.00511EPSS
Exploits4
OSV
OSV
added 2022/12/26 6:15 a.m.5 views

CVE-2021-35953

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service device outage via crafted choices of the last three bytes of a characteristic value...

7.5CVSS5.8AI score0.0084EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/26 12:0 a.m.7 views

PT-2022-10480 · Unknown · Fastrack Reflex 2.0

Name of the Vulnerable Software and Affected Versions: fastrack Reflex 2.0 W307S REFLEX v90.89 Activity Tracker Description: The issue allows a remote attacker to cause a Denial of Service, resulting in a device outage. This can be achieved via crafted choices of the last three bytes of a...

7.5CVSS7.3AI score0.0084EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/12/26 12:0 a.m.23 views

CVE-2021-35953

fastrack Reflex 2.0 W307SREFLEXv90.89 Activity Tracker allows a Remote attacker to cause a Denial of Service device outage via crafted choices of the last three bytes of a characteristic value...

7.7AI score0.0084EPSS
Exploits0References2
OSV
OSV
added 2021/08/16 11:15 a.m.5 views

CVE-2021-24519

The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue...

4.8CVSS5.8AI score0.00613EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2021/07/19 12:0 a.m.20 views

Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue PoC Add or Edit a Characteristic...

3.5CVSS4.5AI score0.00613EPSS
Exploits2Affected Software1
Prion
Prion
added 2021/01/12 3:15 a.m.16 views

Buffer overflow

Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x through 3.2.3, 3.3.x through 3.3.2, and 4.0.x through 4.0.1 has a Buffer Overflow in BluFi provisioning in btcblufirecvhandler function in blufiprf.c. An attacker can send a crafted BluFi protocol Write Attribute command to...

5CVSS7.7AI score0.01382EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/05/18 5:15 a.m.18 views

CVE-2020-12857

Caching of GATT characteristic values TempID in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

7.5CVSS7.4AI score0.01631EPSS
Exploits0References3
CVE
CVE
added 2020/05/18 4:2 a.m.58 views

CVE-2020-12857

CVE-2020-12857 concerns the COVIDSafe Android app, where caching of GATT characteristic values (TempID) in versions 1.0.15 and 1.0.16 allows a remote attacker to long-term re-identify an affected device. The Red Hat, NVD and CVE listings align on the impact: exposure of re-identification risk due...

7.5CVSS7.3AI score0.01631EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2020/05/18 4:2 a.m.22 views

CVE-2020-12857

Caching of GATT characteristic values TempID in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe...

7.4AI score0.01631EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.10 views

ABB 1SVR427031R2000 CP-E 48 1.25 Power Supply Detection

Binary data 756479.prm...

7.3AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2019/05/08 12:0 a.m.13 views

ABB 1SVR427032R0000 CP-E 24 2.5 Power Supply Detection

Binary data 756480.prm...

7.3AI score
Exploits0
Kitploit
Kitploit
added 2019/01/26 8:37 p.m.175 views

identYwaf - Blind WAF Identification Tool

identYwaf is an identification tool that can recognize web protection type i.e. WAF based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive non-destructive payloads, where those are used only to trigger the web protection system in...

7.3AI score
Exploits0References3
Cvelist
Cvelist
added 2017/12/07 12:0 a.m.15 views

CVE-2017-17435

An issue was discovered in the software on Vaultek Gun Safe VT20i products, aka BlueSteal. An attacker can remotely unlock any safe in this product line without a valid PIN code. Even though the phone application requires it and there is a field to supply the PIN code in an authorization request,...

8.6AI score0.00582EPSS
Exploits0References2
Rows per page
Query Builder