Lucene search
K

152 matches found

EUVD
EUVD
added 5 days ago7 views

EUVD-2026-40992

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...

7.6CVSS5.9AI score0.0021EPSS
Exploits2References4
NVD
NVD
added 2026/06/25 2:16 p.m.5 views

CVE-2026-47147

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS0.00231EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:36 p.m.15 views

CVE-2026-47147

The CVE affects EmberZNet (v9.0.2 and earlier) where the OTA server raw parser fails to validate per-field bounds in OTA requests. This can cause out-of-bounds reads of a limited amount of RAM, with the leaked data size/location constrained; exploitation requires the requester to be an already-jo...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/25 1:36 p.m.31 views

CVE-2026-47147 OTA server raw parser missing per-field bounds validation in EmberZNet v9.0.2

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS0.00231EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:36 p.m.5 views

EUVD-2026-39401

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:36 p.m.5 views

CVE-2026-47147

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.11 views

PT-2026-52400

Name of the Vulnerable Software and Affected Versions EmberZNet versions prior to 9.0.3 Description Malformed Over-the-Air OTA requests can cause the OTA server parser to perform out-of-bounds reads, which occurs when the software reads data outside the intended boundary of a buffer. This allows ...

7.1CVSS5.8AI score0.00231EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2026/06/09 3:6 p.m.12 views

GPS As a Key Distribution Platform

This is interesting: The U.S. military has likely been quietly broadcasting codes for its global encryption network using public GPS for nearly 20 years, turning each satellite into a hidden "numbers station," according to Steven Murdoch… That means every device that uses GPS has been receiving...

5.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.8 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS5.4AI score0.00134EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.18 views

PT-2026-46178

Name of the Vulnerable Software and Affected Versions AcerConnect OTA affected versions not specified Description The use of fixed AES-128-CBC keys within the application allows attackers to forge authorization credentials for any IMEI number. This enables unauthorized actors to list catalog item...

6.9CVSS5.4AI score0.00187EPSS
Exploits0References4
CVE
CVE
added 2026/05/24 8:30 p.m.19 views

CVE-2026-9397

Technical details are not publicly available in the provided documents. Monitor for updates.

9.2CVSS6.5AI score0.00454EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/24 8:30 p.m.13 views

CVE-2026-9397 Besen BS20 EV Charging Station OTA Update Installation improper authorization

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree...

9.2CVSS6.5AI score0.00454EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/24 8:30 p.m.17 views

CVE-2026-9397 Besen BS20 EV Charging Station OTA Update Installation improper authorization

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree...

9.2CVSS0.00454EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/24 12:0 a.m.14 views

PT-2026-42967

A weakness has been identified in Besen BS20 EV Charging Station up to 20260426. Affected by this issue is some unknown functionality of the component OTA Update Installation Handler. This manipulation causes improper authorization. The attack is possible to be carried out remotely. A high degree...

9.2CVSS6.5AI score0.00454EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/24 12:0 a.m.11 views

Besen BS20 EV Charging Station 授权问题漏洞

The Besen BS20 EV Charging Station is an AC electric vehicle wall-mounted charging station developed by the Chinese company Besen. The version of the Besen BS20 EV Charging Station dated 20260426 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from improper...

9.2CVSS7.2AI score0.00454EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/22 12:31 a.m.5 views

EUVD-2026-24507

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS5.7AI score0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 10:16 p.m.9 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS0.00134EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/21 9:43 p.m.2 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS5.7AI score0.00134EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.9 views

Zero Motorcycles firmware 安全漏洞

Zero Motorcycles firmware is a control software for electric motorcycles developed by the American company Zero. Versions of Zero Motorcycles firmware prior to version 44 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers to force device pairing v...

6.4CVSS5.8AI score0.00134EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/04/07 4:37 a.m.110 views

Exploit for CVE-2025-10681

CERT/CC VU653116 | CISA Advisory ICSA-26-055-03https:/...

8.8CVSS6.1AI score0.00275EPSS
Exploits1
Rows per page
Query Builder