CVE-2026-24003 EvseV2G has sequence state validation bypass
EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification, including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...
EUVD-2025-19417
Malicious code in bioql PyPI...
CVE-2025-44557
A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing failed packet...
Infineon PSoC4 security vulnerability
Infineon PSoC4 is a programmable system-on-chip (PSoC) product family from Infineon (Germany). A security vulnerability exists in Infineon PSoC4 version v3.66, which stems from a BLE stack state machine transition flaw that could lead to authentication bypass...
PT-2025-27241 · Cypress · Cypress Psoc4
Name of the Vulnerable Software and Affected Versions: Cypress PSoC4 version 3.66
Description: A state machine transition flaw in the Bluetooth Low Energy (BLE) stack allows attackers to bypass the pairing process and authentication via a crafted pairing failed packet. This flaw enables attackers t...
CVE-2024-2873
A vulnerability was found in wolfSSH's server-side state machine before version 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access...
Rogue Session
asyncssh is vulnerable to a Rogue Session. The vulnerability is caused by a state machine flaw in the AsyncSSH server while authenticating a client, which results in the client being forced to log into the attacker's account without the client being able to detect this. An attacker can...
USN-2672-1 nss vulnerabilities
Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property...