EUVD-2025-209098
BS Producten Petcam 33.1.0.0818 is vulnerable to Incorrect Access Control. An unauthenticated attacker in physical proximity can associate with this open network. Once connected, the attacker gains access to the camera's private network interface and can retrieve sensitive information, including...
CVE-2025-69969
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...
PT-2026-22940
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer the protocol and execute arbitrary commands on the device without establishing a connection. This is...
EUVD-2025-206515
A weakness in the web interface’s application layer encryption in VX800v v1.0 allows an adjacent attacker to brute force the weak AES key and decrypt intercepted traffic. Successful exploitation requires network proximity but no authentication, and may result in high impact to confidentiality,...
CVE-2025-66803
Race condition in the turbo-frame element handler in Hotwired Turbo before 8.0.x causes logout operations to fail when delayed frame responses reapply session cookies after logout. This can be exploited by remote attackers via selective network delays, e.g. delaying requests based on sequence or...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000790)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000790 advisory. drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002053)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002053 advisory. Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before...
AIRTH SMART HOME AQI MONITOR Bootloader Security Vulnerability
The AIRTH SMART HOME AQI MONITOR Bootloader is the underlying software for an air quality detector from AIRTH India. A security vulnerability exists in AIRTH SMART HOME AQI MONITOR Bootloader version 1.005: attackers in physical proximity can access the BK7231N controller throu...
CVE-2023-50126
Missing encryption in the RFID tags of the Hozard alarm system Alarmsysteem v1.0 allows attackers to create a cloned tag via brief physical proximity to one of the original tags, which results in an attacker being able to bring the alarm system to a disarmed state...
PT-2026-1551
Name of the Vulnerable Software and Affected Versions: TP-Link Archer BE400 version 1.1.0 Build 20250710 rel.14914. Description: A flaw exists in the 802.11 modules of the TP-Link Archer BE400 that can lead to a denial-of-service (DoS) condition. An attacker in close proximity can trigger a device...
CVE-2025-65828
An unauthenticated attacker within proximity of the Meatmeet device can issue several commands over Bluetooth Low Energy (BLE) to these devices which would result in a Denial of Service. These commands include: shutdown, restart, clear config. Clear config would disassociate the current device from...
EUVD-2025-202622
An unauthenticated attacker within proximity of the Meatmeet device can perform an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE), resulting in the firmware on the device being overwritten with the attacker's code. As the device does not perform checks on upgrades,...
CVE-2025-65823
The Meatmeet Pro was found to be shipped with hardcoded Wi-Fi credentials in the firmware, for the test network it was developed on. If an attacker retrieved this, and found the physical location of the Wi-Fi network, they could gain unauthorized access to the Wi-Fi network of the vendor...
PT-2025-50499
Name of the Vulnerable Software and Affected Versions: Meatmeet (affected versions not specified). Description: An attacker in close proximity can execute code remotely on the Meatmeet device by performing an unauthorized Over The Air (OTA) firmware upgrade using Bluetooth Low Energy (BLE). The device doe...
CVE-2025-65823
CVE-2025-65823 affects the Meatmeet Pro device. The firmware reportedly ships with hardcoded Wi‑Fi credentials from its test network, enabling an attacker who obtains these credentials to gain unauthorized access to the vendor’s Wi‑Fi network. Additionally, a nearby attacker during initial setup ...
CVE-2025-65824
The CVE describes an unauthenticated proximity attack against the Meatmeet device where an adversary can perform an unauthorized OTA firmware upgrade over BLE. The upgrade mechanism does not verify authenticity, allowing the attacker to overwrite the device firmware with their code and trigger Re...
CVE-2025-65826
CVE-2025-65826 affects the Meatmeet Pro mobile application (examples in multiple disclosures show the vulnerability stemming from hard-coded/stored network credentials within the app). The issue enables attackers who obtain the credentials and the device’s Wi‑Fi network location to gain unauthori...
CVE-2025-59701
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to read and modify the Appliance SSD contents because they are unencrypted...