CVE-2025-29165

An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component...

CVE-2026-27846

Due to missing authentication, a user with physical access to the device can misuse the mesh functionality for adding a new mesh device to the network to gain access to sensitive information, including the password for admin access to the web interface and the Wi-Fi passwords.This issue affects...

CVE-2023-4258

In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee...

CVE-2025-32883

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. The app there makes it possible to inject any custom message into existing mesh networks with any GID and Callsign via a software defined radio. This can be exploited if the device is being used in an unencrypted...

CVE-2025-32883

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-41722. Reason: This candidate is a reservation duplicate of CVE-2024-41722. Notes: All CVE users should reference CVE-2024-41722. instead of this candidate. All references and descriptions in this candidate have been removed ...

CVE-2025-32890

CVE-2025-32890 affects goTenna Mesh devices running app 5.5.3 and firmware 1.1.12. The root cause is a custom encryption implementation without additional integrity checks, making messages malleable and potentially accessible to an attacker who can access the message. The connected documents conf...

CVE-2025-27098

GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any...

CVE-2025-0754

The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to lo...

CVE-2022-35624

In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented packets with SegO SegN...

PT-2022-22930 · Nordic · Nordic Nrf5 Sdk For Mesh

Name of the Vulnerable Software and Affected Versions: Nordic nRF5 SDK for Mesh version 5.0 Description: A heap overflow issue can be triggered by sending a series of segmented packets where SegO is greater than SegN. This allows for potential exploitation. Recommendations: For Nordic nRF5 SDK fo...

Vulnerabilities found in Bluetooth specifications

Researchers have discovered seven vulnerabilities in two components of the Bluetooth standard. Specifically, these are the Bluetooth Core Specification and Bluetooth Mesh Specification 1.0 and 1.0.1. The vulnerabilities allow a malicious person to spoof Bluetooth devices during the pairing proces...