2214 matches found

CVE
added 2025/04/30 8:48 p.m. · 356 views

CVE-2025-24132

CVE-2025-24132 affects Apple AirPlay SDKs (AirPlay audio SDK 2.7.1, AirPlay video SDK 3.6.0.126) and the CarPlay plug‑in (R18.1). The issue is described as a memory handling vulnerability that can cause an application to terminate when exploited from the local network. Public connected documents ...

CVSS 6.5 · AI score 7.4 · EPSS 0.00135
Exploits 4 · References 1 · Affected Software 3

Vulnrichment
added 2025/04/30 8:0 p.m. · 10 views

CVE-2025-2082 Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability

Tesla Model 3 VCSEC Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Tesla Model 3 vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the VCSEC...

CVSS 7.5 · AI score 8.4 · EPSS 0.00805
Exploits 2 · References 1

CVE
added 2025/04/30 8:0 p.m. · 54 views

CVE-2024-6029

CVE-2024-6029 concerns the Tesla Model S Iris Modem firewall, where a race-condition flaw in the firewall service arises from a failure to obtain the xtables lock. This vulnerability allows network-adjacent attackers to bypass firewall rules without authentication. The issue is documented across ...

CVSS 5 · AI score 5 · EPSS 0.00021
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2025/04/30 8:0 p.m. · 20 views

CVE-2024-6029 Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within th...

CVSS 5 · EPSS 0.00021
Exploits 0 · References 1

NVD
added 2025/04/30 6:15 p.m. · 11 views

CVE-2025-30389

Improper authorization in Azure Bot Framework SDK allows an unauthorized attacker to elevate privileges over a network...

CVSS 9.8 · EPSS 0.0036
Exploits 0 · References 1

CVE
added 2025/04/30 5:14 p.m. · 83 views

CVE-2025-30390

CVE-2025-30390 affects Microsoft Azure Machine Learning Compute. Described as an improper authorization vulnerability that enables an authorized attacker to elevate privileges over a network. Root cause is improper authorization in Azure; impact is privilege escalation (high/critical). Exploitati...

CVSS 9.9 · AI score 9.4 · EPSS 0.00426
Exploits 0 · References 1 · Affected Software 1

RedhatCVE
added 2025/04/30 3:18 p.m. · 21 views

CVE-2022-43495

OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardwaredevicemanager when joining a network. Network attackers can send an abnormal packet when joining a network, causing a nullptr reference and device reboot...

CVSS 7.5 · AI score 6.9 · EPSS 0.00508
Exploits 0 · References 1

Zero Day Initiative
added 2025/04/30 12:0 a.m. · 25 views

(Pwn2Own) Tesla Model S Iris Modem Race Condition Firewall Bypass Vulnerability

This vulnerability allows network-adjacent attackers to bypass the firewall on the Iris modem in affected Tesla Model S vehicles. Authentication is not required to exploit this vulnerability. The specific flaw exists within the firewall service. The issue results from a failure to obtain the...

CVSS 5 · AI score 6.5 · EPSS 0.00021
Exploits 0

Amazon
added 2025/04/30 12:0 a.m. · 34 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6...

CVSS 7.4 · AI score 7.2 · EPSS 0.00226
Exploits 0

Amazon
added 2025/04/30 12:0 a.m. · 4 views

Important: java-17-amazon-corretto

Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE:8u441, 8u441-perf, 11.0.26, 17.0.14, 21.0.6, 24; Oracle GraalVM for JDK:17.0.14, 21.0.6...

CVSS 7.4 · AI score 6.7 · EPSS 0.00226
Exploits 0

Vulnrichment
added 2025/04/29 2:5 a.m. · 6 views

CVE-2025-31197

The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination...

AI score 7.3 · EPSS 0.00177
Exploits 0 · References 7

Cvelist
added 2025/04/29 2:5 a.m. · 14 views

CVE-2025-31197

The issue was addressed with improved checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination...

EPSS 0.00177
Exploits 0 · References 7

Vulnrichment
added 2025/04/29 2:5 a.m. · 9 views

CVE-2025-24270

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, visionOS 2.4. An attacker on the local network may be able to leak sensitive user information...

AI score 4.4 · EPSS 0.00175
Exploits 0 · References 7

Cvelist
added 2025/04/29 2:5 a.m. · 17 views

CVE-2025-24206

An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4. An attacker on the local network may be able to bypass authentication polic...

EPSS 0.00043
Exploits 0 · References 7

CVE
added 2025/04/29 2:5 a.m. · 64 views

CVE-2025-24251

CVE-2025-24251 affects multiple Apple OS releases (macOS Sequoia 15.4; macOS Ventura 13.7.5; macOS Sonoma 14.7.5; iOS 18.4/iPadOS 18.4; tvOS 18.4; watchOS 11.4; visionOS 2.4). The flaw enables a local‑network attacker to cause an unexpected termination of an app due to improved checks implemented...

CVSS 6.5 · AI score 7.3 · EPSS 0.00204
Exploits 0 · References 8 · Affected Software 6

Vulnrichment
added 2025/04/29 2:5 a.m. · 6 views

CVE-2025-24251

The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, tvOS 18.4, macOS Ventura 13.7.5, iPadOS 17.7.6, macOS Sonoma 14.7.5, iOS 18.4 and iPadOS 18.4, watchOS 11.4, visionOS 2.4. An attacker on the local network may cause an unexpected app termination...

AI score 4.2 · EPSS 0.00204
Exploits 0 · References 8

RedhatCVE
added 2025/04/25 8:51 p.m. · 6 views

CVE-2025-2765

CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability...

CVSS 7.6 · AI score 6.8 · EPSS 0.00014
Exploits 0 · References 3

Vulnrichment
added 2025/04/23 4:48 p.m. · 4 views

CVE-2025-2765 CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability

CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability...

CVSS 7.6 · AI score 6.8 · EPSS 0.00014
Exploits 0 · References 1

Positive Technologies
added 2025/04/23 12:0 a.m. · 3 views

PT-2025-17684 · Unknown · Echarge Hardy Barth Cph2

Name of the Vulnerable Software and Affected Versions: eCharge Hardy Barth cPH2 (affected versions not specified). Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authentication is not requir...

CVSS 8.8 · AI score 8.8 · EPSS 0.00472
Exploits 0 · References 6

Cvelist
added 2025/04/22 12:31 a.m. · 9 views

CVE-2025-3854 H3C GR-3000AX HTTP POST Request aspForm Edit_List_SSID buffer overflow

A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/EditListSSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argume...

CVSS 8.6 · EPSS 0.00355
Exploits 0 · References 6