Lucene search

9 matches found

Vulnrichment
added 2026/01/26 10:12 p.m. · 4 views

CVE-2026-24003 EvseV2G has sequence state validation bypass

EVerest is an EV charging software stack. In versions up to and including 2025.12.1, it is possible to bypass the sequence state verification including authentication, and send requests that transition to forbidden states relative to the current one, thereby updating the current context with...

4.3 CVSS · 5.8 AI score · 0.00254 EPSS
Exploits 0 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-19417

Malicious code in bioql PyPI...

8.1 CVSS · 6.6 AI score · 0.00256 EPSS
Exploits 0 · References 2
RedhatCVE
added 2025/06/29 12:6 a.m. · 10 views

CVE-2025-44557

A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairingfailed packet...

8.1 CVSS · 6.6 AI score · 0.00256 EPSS
Exploits 0 · References 1
NVD
added 2025/06/27 5:15 p.m. · 4 views

CVE-2025-44557

A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairingfailed packet...

8.1 CVSS · 0.00256 EPSS
Exploits 0 · References 2
CNNVD
added 2025/06/27 12:0 a.m. · 3 views

Infineon PSoC4 security vulnerability

Infineon PSoC4 is a programmable system-on-chip (PSoC) product family from Infineon Germany. A security vulnerability exists in Infineon PSoC4 version v3.66, which stems from a BLE stack state machine transition flaw that could lead to authentication bypass...

8.1 CVSS · 6.8 AI score · 0.00256 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/06/27 12:0 a.m. · 5 views

PT-2025-27241 · Cypress · Cypress Psoc4

Name of the Vulnerable Software and Affected Versions: Cypress PSoC4 version 3.66
Description: A state machine transition flaw in the Bluetooth Low Energy (BLE) stack allows attackers to bypass the pairing process and authentication via a crafted pairing failed packet. This flaw enables attackers t...

8.1 CVSS · 6.9 AI score · 0.00256 EPSS
Exploits 0 · References 6
OSV
added 2024/03/25 10:37 p.m. · 4 views

CVE-2024-2873

A vulnerability was found in wolfSSH's server-side state machine before version 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access...

9.1 CVSS · 6.4 AI score
Exploits 0 · References 3
Veracode
added 2023/11/10 7:22 a.m. · 13 views

Rogue Session

asyncssh is vulnerable to a Rogue Session. The vulnerability is caused by a state machine flaw in the AsyncSSH server while authenticating a client, which results in the client being forced to log into the attacker's account without the client being able to detect this. An attacker can...

6.8 CVSS · 7.1 AI score · 0.00867 EPSS
Exploits 0 · References 8 · Affected Software 1
OSV
added 2015/07/09 5:32 p.m. · 2 views

USN-2672-1 nss vulnerabilities

Karthikeyan Bhargavan discovered that NSS incorrectly handled state transitions for the TLS state machine. If a remote attacker were able to perform a machine-in-the-middle attack, this flaw could be exploited to skip the ServerKeyExchange message and remove the forward-secrecy property...

4.3 CVSS · 6.2 AI score · 0.03594 EPSS
Exploits 1 · References 3