Capacitive Touchscreens at Risk: A Practical Side-Channel Attack on Smartphones Via Electromagnetic Emanations

Capacitive touchscreens in modern smartphones introduce severe side-channel vulnerabilities. However, existing attacks often require restrictive conditions or invasive measurements. This paper presents TESLA, a novel, contactless electromagnetic EM side-channel attack that exploits inherent EM...

CVE-2023-49224

Precor touchscreen console P62, P80, and P82 contains a default SSH public key in the authorizedkeys file. A remote attacker could use this key to gain root privileges...

EUVD-2025-26506

Malicious code in bioql PyPI...

EUVD-2025-27588

Malicious code in bioql PyPI...

CVE-2025-47415

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected...

CVE-2025-47415 RECWAVE Filepath Traversal

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in CRESTRON TOUCHSCREENS x70 allows Relative Path Traversal.This issue affects TOUCHSCREENS x70: from 3.000.0110.001 before 3.001.0031.001. Confirmed Affected Hardware: TSW-760, TSW-1060 Confirmed Affected...

CVE-2025-47415

Summary (CVE-2025-47415): CRESTRON TOUCHSCREENS x70 are affected by a path-traversal vulnerability. Affected hardware: TSW-760 and TSW-1060. Affected firmware: 3.000.0110.001 and earlier. Fixed firmware: 3.001.0031.001. The issue allows relative path traversal and is limited to network-accessible...

CRESTRON TOUCHSCREENS x70 安全漏洞

CRESTRON TOUCHSCREENS x70 is an interactive touchmonitor from CRESTRON, Inc. A security vulnerability exists in the CRESTRON TOUCHSCREENS x70 that originates in the ConsoleFindCommandMatchList function and could lead to the execution of an attacker-defined file...

CRESTRON TOUCHSCREENS x70 安全漏洞

CRESTRON TOUCHSCREENS x70 is an interactive touch display from CRESTRON, Inc. A security vulnerability exists in CRESTRON TOUCHSCREENS x70 versions prior to 3.000.0110.001 through 3.001.0031.001, which stems from vulnerability to path traversal attacks...

PT-2025-36922

Name of the Vulnerable Software and Affected Versions: CRESTRON TOUCHSCREENS x70 versions 3.000.0110.001 through 3.001.0030.000 Description: A path traversal vulnerability exists in CRESTRON TOUCHSCREENS x70, allowing relative path traversal. This issue affects TSW-760 and TSW-1060 hardware runni...

CVE-2025-47421

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...

CVE-2025-47421

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...

CVE-2025-47421

CVE-2025-47421 affects CRESTRON TOUCHSCREENS x70 (versions 3.001.0031.001 through 3.001.0034.001). The issue is an improper neutralization of argument delimiters in a command, enabling argument injection via a specially crafted SCP command over SSH that can grant a privileged operating system ses...

CVE-2025-47421 Privilege escalation via SCP login

Improper Neutralization of Argument Delimiters in a Command 'Argument Injection' vulnerability in CRESTRON TOUCHSCREENS x70 allows Argument Injection.This issue affects TOUCHSCREENS x70: from 3.001.0031.001 through 3.001.0034.001. A specially crafted SCP command sent via SSH login string can lead...

PT-2025-35721

Name of the Vulnerable Software and Affected Versions: CRESTRON TOUCHSCREENS x70 versions 3.001.0031.001 through 3.001.0034.001 Description: An improper neutralization of argument delimiters in a command 'Argument Injection' vulnerability exists in CRESTRON TOUCHSCREENS x70. A specially crafted S...

PT-2024-13699 · Precor · Precor Touchscreen Console

Name of the Vulnerable Software and Affected Versions: Precor touchscreen console versions P62, P80, and P82 Description: The issue concerns a default SSH public key in the authorized keys file, which could be exploited by a remote attacker to gain root privileges. Recommendations: For Precor...

February 13, 2024—KB5034770 (OS Build 20348.2322)

February 13, 2024—KB5034770 OS Build 20348.2322 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out wh...

February 13, 2024—KB5034769 (OS Build 25398.709)

February 13, 2024—KB5034769 OS Build 25398.709 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements This security update...

January 9, 2024—KB5034127 (OS Build 17763.5329) - EXPIRED

January 9, 2024—KB5034127 OS Build 17763.5329 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ​​​​​​​ 11/17/20 For...

Remotely Controlling Touchscreens

This is more of a demonstration than a real-world vulnerability, but researchers can use electromagnetic interference to remotely control touchscreens. From a news article: Its important to note that the attack has a few key limitations. Firstly, the hackers need to know the targets phone passcod...