156 matches found
CVE-2026-44634
The CVE-2026-44634 affects SimpleBLE prior to version 0.14.0, with multiple stack-based buffer overflow flaws. One in the dongl backend’s Protocol::simpleble_write (local, caller-controlled input); two related to processing BLE advertisement data (manufacturer-specific and service data) that can ...
CVE-2026-44634 Stack buffer overflows in SimpleBLE
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleblewrite function local,...
PT-2026-48338
SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy BLE. Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble write function local,...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021565)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021565 advisory. In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid maxflowrings from dongle When firmware hit trap at...
Astra Linux – Vulnerability found in Linux 5.15, Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: brcmfmac: An error occurs when retrieving an invalid maxflowrings value from a dongle. When the firmware encounters a trap during initialization, the host reads an abnormal maxflowrings value from the dongle. This can lead to a...
CVE-2025-15574
When connecting to the Solax Cloud MQTT server the username is the "registration number", which is the 10 character string printed on the SolaX Power Pocket device / the QR code on the device. The password is derived from the "registration number" using a proprietary XOR/transposition algorithm...
CVE-2025-15574
CVE-2025-15574 affects Solax Power Pocket WiFi models connected to the Solax Cloud MQTT server. The vulnerability stems from using the device registration number as the username and deriving the password from the same registration number with a proprietary XOR/transposition algorithm, enabling an...
CVE-2026-24347 Arbitrary file write to /tmp directory in EZCast Pro II Dongle
Improper input validation in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to manipulate files in the /tmp directory...
CVE-2026-24347
CVE-2026-24347 : The Red Hat/NVD/NVD enrichment entries describe an improper input validation in the Admin UI of EZCast Pro II (version 1.17478.146) that allows an attacker to manipulate files in the /tmp directory. This is tied to the EZCast Pro II dongle/application and is actionable via the Ad...
CVE-2026-24345 Cross-Site Request Forgery in EZCast Pro II Dongle
Cross-Site Request Forgery in Admin UI of EZCast Pro II version 1.17478.146 allows attackers to bypass authorization checks and gain full access to the admin UI...
CVE-2026-24345
CVE-2026-24345 describes a Cross-Site Request Forgery in the Admin UI of EZCast Pro II, version 1.17478.146, enabling bypass of authorization checks and full admin UI access. Affected component is the Admin UI handling for EZCast Pro II. The Red Hat and CVE records corroborate CSRF as the vector,...
CVE-2026-24344
The CVE-2026-24344 entry describes multiple buffer overflows in the EZCast Pro II Admin UI, affecting version 1.17478.146. The root cause per the documents is buffer overflow conditions in the Admin UI, enabling a crash and potentially remote code execution. No detailed exploit vectors, affected ...
CVE-2022-50915
PTPublisher 2.3.4 contains an unquoted service path vulnerability in the PTProtect service that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in 'C:\Program Files x86\Primera...
PT-2026-2391
Name of the Vulnerable Software and Affected Versions PTPublisher version 2.3.4 Description The software contains an unquoted service path vulnerability in the PTProtect service. This allows local attackers to potentially execute arbitrary code with elevated privileges. The vulnerable path is...
CVE-2021-22382
Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992857)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992857 advisory. In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid maxflowrings from dongle When firmware hit trap at...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992236)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992236 advisory. In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid maxflowrings from dongle When firmware hit trap at...
CVE-2025-36752
Growatt ShineLan-X communication dongle has an undocumented backup account with undocumented credentials which allows significant level access to the device, such as allowing any attacker to access the Setting Center. This means that this is effectively backdoor for all devices utilizing a Growat...
PT-2025-51102
The SWD debug interface on the Growatt ShineLan-X communication dongle is available by default, allowing an attacker to attain debug access to the device and to extracting secrets or domains from within the device...
CVE-2025-13955
Predictable default Wi-Fi Password in Access Point functionality in EZCast Pro II before version 1.17478.177 allows attackers in Wi-Fi range to gain access to the dongle by calculating the default password from observable device identifiers...