CVE-2026-36174

GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtain sensitive information, including network credentials, via monitoring the serial UART interface...

AIRTH SMART HOME AQI MONITOR Bootloader 安全漏洞

The AIRTH SMART HOME AQI MONITOR Bootloader is the underlying software for an air quality detector from AIRTH India. A security vulnerability exists in AIRTH SMART HOME AQI MONITOR Bootloader version 1.005, which originates from physical proximity Attackers can access the BK7231N controller throu...

CVE-2025-59698

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, might allow a physically proximate attacker to gain access to the EOL legacy bootloader...

Nous W3 安全漏洞

Nous W3 is a webcam from the Polish company Nous. A security vulnerability exists in Nous W3 version 1.33.50.82, which stems from a flaw in the firmware update mechanism that allows an attacker in physical proximity to elevate privileges to root via a specially crafted update.tar archive file...

EUVD-2021-12247

Malware in sbrugna...

EUVD-2020-4922

Malware in sbrugna...

EUVD-2016-4902

Malware in sbrugna...

CVE-2021-25340

Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State...

CVE-2010-4212

The USAA application 3.0 for Android stores a mirror image of each visited web page, which might allow physically proximate attackers to obtain sensitive banking information by reading application data...

CVE-2025-28201

An issue in Victure RX1800 ENV1.0.0r12110933 allows physically proximate attackers to execute arbitrary code or gain root access...

CVE-2025-25984

An issue in Macro-video Technologies Co.,Ltd V380E6C1 IP camera HwHsAKPIQpWFXHR 1020302 allows a physically proximate attacker to execute arbitrary code via UART component...

CVE-2024-44754

Cryptographic key extraction from internal flash in Minut M2 with firmware version 15142 allows physically proximate attackers to inject modified firmware into any other Minut M2 product via USB...

CVE-2023-33203

The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/net/ethernet/qualcomm/emac/emac.c if a physically proximate attacker unplugs an emac based device...

USN-5390-2: Linux kernel (Raspberry Pi) vulnerabilities

David Bouman discovered that the netfilter subsystem in the Linux kernel did not properly validate passed user register indices. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. CVE-2022-1015 David Bouman discovered that the netfilter subsystem in t...

Code injection

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during...

Bluetooth® pairing vulnerability

Summary: Bluetooth Pairing update. Description: A vulnerability in Bluetooth® pairing potentially allows an attacker with physical proximity within 30 meters to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth®...

CVE-2017-7407

The ourWriteOut function in toolwriteout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a...

Design/Logic Flaw

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the...

CVE-2016-0812

The interceptKeyBeforeDispatching function in policy/src/com/android/internal/policy/impl/PhoneWindowManager.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.0 before 2016-02-01 does not properly check for setup completion, which allows physically proximate attackers to bypass the...

CVE-2015-1319

The CVE-2015-1319 issue affects the Unity Settings Daemon in Ubuntu 14.04 LTS and 15.04. It arises because the daemon does not reliably detect when the screen is locked, allowing a physically proximate attacker to mount removable media (e.g., a USB thumb drive) while the session is locked. Affect...