17 matches found
CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...
CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...
CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...
EUVD-2025-208281
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...
CVE-2025-69969
The CVE concerns SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2, where a lack of authentication and authorization in the BLE protocol enables an attacker within BLE proximity to reverse engineer the protocol and execute arbitrary commands on the device without a connection. The issue also permit...
EUVD-2023-27398
Malicious code in bioql PyPI...
EUVD-2023-27406
Malicious code in bioql PyPI...
EUVD-2023-27402
Malicious code in bioql PyPI...
EUVD-2023-27403
Malicious code in bioql PyPI...
EUVD-2023-27400
Malicious code in bioql PyPI...
CVE-2023-23300
The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...
CVE-2023-23300
The Toybox.Cryptography.Cipher.initialize API method in CIQ API version 3.0.0 through 4.1.7 does not validate its parameters, which can result in buffer overflows when copying data. A malicious application could call the API method with specially crafted parameters and hijack the execution of the...
Buffer overflow
The Toybox.Ant.GenericChannel.enableEncryption API method in CIQ API version 3.2.0 through 4.1.7 does not validate its parameter, which can result in buffer overflows when copying various attributes. A malicious application could call the API method with a specially crafted object and hijack the...
CVE-2023-23306
The Toybox.Ant.BurstPayload.add API method in CIQ API version 2.2.0 through 4.1.7 suffers from a type confusion vulnerability, which can result in an out-of-bounds write operation. A malicious application could create a specially crafted Toybox.Ant.BurstPayload object, call its add method, overri...
CVE-2023-23305
The GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 is vulnerable to various buffer overflows when loading binary resources. A malicious application embedding specially crafted resources could hijack the execution of the device's firmware...
PT-2023-18898 · Ciq Api · Ciq Api
Name of the Vulnerable Software and Affected Versions: CIQ API versions 3.2.0 through 4.1.7 Description: The issue concerns the Toybox.Ant.GenericChannel.enableEncryption API method, which fails to validate its parameters. This can lead to buffer overflows when copying attributes, potentially...
CVE-2023-23303
The CVE-2023-23303 vulnerability affects Garmin Connect IQ (CIQ) API (Toybox.Ant.GenericChannel.enableEncryption) across versions 3.2.0–4.1.7. The issue arises because the API does not validate its parameter, enabling buffer overflows when copying various attributes. A malicious application could c...