CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 2025/12/08 6:30 p.m.•2 views

EUVD-2025-201801

In multiple locations of UsbDataAdvancedProtectionHook.java, there is a possible way to access USB data when the screen is off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7CVSS6.3AI score0.00005EPSS

Exploits0References2

Vulnrichment•added 2025/12/08 5:27 p.m.•1 views

CVE-2025-48625

6.4AI score0.00005EPSS

Cvelist•added 2025/12/08 5:27 p.m.•13 views

CVE-2025-48625

0.00005EPSS

CVE•added 2025/12/08 5:27 p.m.•7 views

CVE-2025-48625

CVE-2025-48625 is a local privilege-escalation issue affecting Android (noted in the Android 16 QPR2 bulletin). The vulnerability arises from race conditions in UsbDataAdvancedProtectionHook.java, allowing access to USB data when the screen is off, with no user interaction required. Impact is des...

7CVSS6.4AI score0.00005EPSS

Exploits0References1Affected Software1

RedHat Linux•added 2025/11/12 8:15 a.m.•1 views

kernel: wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: slab-out-of-bounds read in brcmfgetassocies Fix a slab-out-of-bounds read that occurs in kmemdup called from brcmfgetassocies. The bug could occur when associnfo-reqlen, data from a URB provided by a USB device, i...

7.1CVSS6.9AI score0.00016EPSS

Exploits0References5

EUVD•added 2025/10/03 8:7 p.m.•2 views

EUVD-2023-42822

Malicious code in bioql PyPI...

4.6CVSS5.2AI score0.00041EPSS

Tenable Nessus•added 2025/08/08 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2025-37811

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: cihdrcimx: fix usbmisc handling usbmisc is an optional device property so it ...

5.5CVSS6.2AI score0.0007EPSS

OSV•added 2023/08/03 6:15 p.m.•0 views

CVE-2023-39075

Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R builds 11.10.2021 to 16.01.2023 allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device...

4.6CVSS5.9AI score0.00041EPSS

NVD•added 2023/08/03 6:15 p.m.•9 views

CVE-2023-39075

4.6CVSS4.8AI score0.00041EPSS

Cvelist•added 2023/08/03 12:0 a.m.•11 views

CVE-2023-39075

5.1AI score0.00041EPSS

Pen Test Partners Blog•added 2019/12/02 6:12 a.m.•43 views

The snooping girl on a train, again. How to compromise a business

So, I’m on a train, again, sat at a four-seat table, next to two men facing each other. From their conversation and interactions I’ve concluded that they are colleagues. The chap to my left is clearly working on implementation plans for a building management system, for a company I know yeah, I g...

6.5AI score

Exploits0

CNVD•added 2017/12/06 12:0 a.m.•1 views

Google Android Kernel MTP USB Driver Elevation of Privilege Vulnerability

Android on Google Pixel and Nexus is an open source Linux-based operating system for Google Pixel and Nexus smartphones developed by Google and the Open Handheld Alliance OHA.Kernel MTP USB driver is a USB data transfer driver using the Kernel MTP USB driver is one of the USB data transfer driver...

7.8CVSS7.3AI score0.00016EPSS

CNVD•added 2015/06/08 12:0 a.m.•2 views

Linux kernel OZWPAN driver denial of service vulnerability (CNVD-2015-03715)

Linux kernel is an open source operating system.OZWPAN is one of the drivers for receiving, parsing and forwarding network packets. The Linux kernel OZWPAN driver has a security vulnerability due to the 'ozusbrx' and 'ozusb handleepdata' functions fail to properly check the size of a particular...

9CVSS6.9AI score0.03715EPSS

OSV•added 2015/06/07 11:59 p.m.•1 views

DEBIAN-CVE-2015-4003

The ozusbhandleepdata function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service divide-by-zero error and system crash via a crafted packet...

7.8CVSS7.3AI score0.01247EPSS

OpenVAS•added 2011/01/31 12:0 a.m.•387 views

MS Windows HID Functionality(Over USB) Code Execution Vulnerability

This host is installed with USB device driver software and is prone to code execution vulnerability. OpenVAS Vulnerability Test $Id: gbmswindowshidoverusbcodeexecvuln.nasl 8724 2018-02-08 15:02:56Z cfischer $ MS Windows HID FunctionalityOver USB Code Execution Vulnerability Authors: Antu Sanadi...

6.9CVSS0.3AI score0.01284EPSS

OpenVAS•added 2011/01/31 12:0 a.m.•782 views

Microsoft Windows HID Functionality (Over USB) Code Execution Vulnerability (Jan 2011)

A USB device driver software is prone to a code execution vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.9CVSS5.2AI score0.01284EPSS

Prion•added 2011/01/25 1:0 a.m.•15 views

Null pointer dereference

Apple Mac OS X does not properly warn the user before enabling additional Human Interface Device HID functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the...

6.9CVSS7.2AI score0.00056EPSS

UbuntuCve•added 2011/01/25 1:0 a.m.•22 views

CVE-2011-0640

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device HID functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a...

6.9CVSS7.3AI score0.0007EPSS