CVE-2025-23421

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications...

EUVD-2025-3169

Malicious code in bioql PyPI...

CVE-2025-20615

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...

CVE-2025-23421

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications...

CVE-2025-20615

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...

CVE-2025-20615

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...

CVE-2025-24836

CVE-2025-24836 affects Qardio Heart Health iOS/Android apps and QardioARM A100 hardware. A specially crafted Python script can send continuous startMeasurement commands over an unencrypted Bluetooth connection, preventing the device from linking with a clinician’s app and flooding it with request...

CVE-2025-24836 Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests,...

CVE-2025-24836 Qardio Heart Health IOS and Android Application and QardioARM A100 Uncaught Exception

With a specially crafted Python script, an attacker could send continuous startMeasurement commands over an unencrypted Bluetooth connection to the affected device. This would prevent the device from connecting to a clinician's app to take patient readings and ostensibly flood it with requests,...

CVE-2025-23421 Qardio iOS and Android applications Files or Directories Accessible to External Parties

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications...

CVE-2025-23421

CVE-2025-23421 affects Qardio iOS and Android applications. Multiple connected sources describe that an attacker could obtain firmware files and reverse engineer their intended use, leading to loss of confidentiality and integrity of the hardware devices enabled by these apps. Red Hat and NVD ent...

CVE-2025-23421 Qardio iOS and Android applications Files or Directories Accessible to External Parties

An attacker could obtain firmware files and reverse engineer their intended use leading to loss of confidentiality and integrity of the hardware devices enabled by the Qardio iOS and Android applications...

CVE-2025-20615 Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an Unauthorized Actor

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...

CVE-2025-20615

CVE-2025-20615 affects the Qardio Arm iOS app. The vulnerability arises from exposing usernames and passwords in a plist file, enabling an attacker to log in to production-level development accounts and trigger an engineering backdoor that accepts hex-based commands over a UI-based terminal. Impa...

CVE-2025-20615 Qardio Heart Health IOS Mobile Application Exposure of Private Personal Information to an Unauthorized Actor

The Qardio Arm iOS application exposes sensitive data such as usernames and passwords in a plist file. This allows an attacker to log in to production-level development accounts and access an engineering backdoor in the application. The engineering backdoor allows the attacker to send hex-based...

CISA Releases Twenty Industrial Control Systems Advisories

CISA released twenty Industrial Control Systems ICS advisories on February 13, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-044-01 Siemens SIMATIC S7-1200 CPU Family ICSA-25-044-02 Siemens SIMATIC...

Qardio Heart Health 安全漏洞

Qardio Heart Health is a heart monitoring management software from Qardio, Inc. in the United States. A security vulnerability exists in Qardio Heart Health that stems from the use of a specially crafted Python script that sends successive startMeasurement commands to an affected device over an...

Qardio ARM A100 安全漏洞

Qardio ARM A100 is an automated blood pressure monitor from Qardio, USA. A security vulnerability exists in the Qardio ARM A100 that stems from exposing sensitive data such as usernames and passwords in plist files...

Qardio Heart Health和ARM A100 安全漏洞

Qardio Heart Health and Qardio ARM A100 are both products of Qardio Corporation, U.S.A. Qardio Heart Health is a heart monitoring management software.Qardio ARM A100 is an automatic blood pressure monitor. A security vulnerability exists in Qardio Heart Health and ARM A100. An attacker exploiting...