CVE-2026-23812 Security Boundary Bypass via Routing Node Impersonation

A vulnerability has been identified where an attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway by leveraging an address-based spoofing technique. Successful exploitation enables the redirection of data streams, allowing for the interception or...

CVE-2026-23812

Technical details (vulnerable products, affected versions, or exploit specifics) are not publicly available in the provided documents. Monitor for updates from NVD/Red Hat/ENISA and vendor advisories.

CVE-2026-23811

CVE-2026-23811 is described across multiple sources as a vulnerability in the client isolation mechanism that may bypass L2 restrictions and, when combined with a port-stealing attack, enable a bi-directional MitM at L3. The connected documents do not provide concrete product/vendor/component/ver...

CVE-2026-23811 Unauthorized Bi-Directional Traffic Interception via L2/L3 Manipulation

A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 L2 communication restrictions between clients and redirect traffic at Layer 3 L3. In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable...

CVE-2026-23809

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

CVE-2025-70342

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

CVE-2025-69969

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

CVE-2025-69969

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

EUVD-2025-208281

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

PT-2026-22943

A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation m...

PT-2026-23032

Name of the Vulnerable Software and Affected Versions @opennextjs/cloudflare affected versions not specified Description A Server-Side Request Forgery SSRF issue exists in the @opennextjs/cloudflare package. This is due to a path normalization bypass in the /cdn-cgi/image/ handler. Specifically,...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities stem from a port-stealing method that can bypass BSSID...

CVE-2025-69969

The CVE concerns SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2, where a lack of authentication and authorization in the BLE protocol enables an attacker within BLE proximity to reverse engineer the protocol and execute arbitrary commands on the device without a connection. The issue also permit...

PT-2026-22946

Name of the Vulnerable Software and Affected Versions affected versions not specified Description An attacker connecting to an access point as a standard wired or wireless client can impersonate a gateway using an address-based spoofing technique. Successful exploitation allows redirection of dat...

SRK Powertech Pebble Prism Ultra 安全漏洞

The SRK Powertech Pebble Prism Ultra is a Bluetooth-enabled smartwatch produced by the Indian company SRK Powertech. Version 2.9.2 of the SRK Powertech Pebble Prism Ultra contains a security vulnerability. This vulnerability stems from the lack of authentication and authorization mechanisms in th...

HPE Aruba Networking Wireless Operating System 安全漏洞

HPE Aruba Networking Wireless Operating System is a wireless network operating system developed by the American company HPE. There are security vulnerabilities in the HPE Aruba Networking Wireless Operating System. These vulnerabilities allow attackers to simulate gateways using address-based...

PT-2026-22927

erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...

PT-2026-22940

A lack of authentication and authorization mechanisms in the Bluetooth Low Energy BLE communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...

CVE-2025-48574

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2025-48574

In validateAddingWindowLw of DisplayPolicy.java, there is a possible way for an app to intercept drag-and-drop events due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...