24 matches found
CVE-2023-29389
Toyota RAV4 2021 vehicles automatically trust messages from other ECUs on a CAN bus, which allows physically proximate attackers to drive a vehicle by accessing the control CAN bus after pulling the bumper away and reaching the headlight connector, and then sending forged "Key is validated"...
EUVD-2020-26713
Malware in sbrugna...
EUVD-2015-5564
Malware in sbrugna...
EUVD-2023-32961
Malicious code in bioql PyPI...
SinoTrack GPS Devices Vulnerable to Remote Vehicle Control via Default Passwords
Two security vulnerabilities have been disclosed in SinoTrack GPS devices that could be exploited to control certain remote functions on connected vehicles and even track their locations. "Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without...
PT-2025-25200 · Sinotrack · Sinotrack Devices
Name of the Vulnerable Software and Affected Versions: SinoTrack devices (affected versions not specified). Description: The issue concerns a default password that is well-known and common to all SinoTrack devices, which can be used to authenticate to the central device management interface. A...
CVE-2023-20673
In vcu, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519103...
CVE-2023-20746
In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217...
Security vulnerabilities in major car brands revealed
Your car potentially hasn't "just" been a car for a long time. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. These systems tie into everything from passwords and web chat systems for car company employees, to file repositories and oth...
CVE-2019-9493
The MyCar Controls of AutoMobility Distribution Inc., mobile application contains hard-coded admin credentials. A remote unauthenticated attacker may be able to send commands to and retrieve data from a target MyCar unit. This may allow the attacker to learn the location of a target, or gain...
Hyundai Motor America Blue Link
CVSS v3 7.5 ATTENTION: Remotely exploitable Vendor: Hyundai Motor America Equipment: Blue Link Vulnerability: Man-in-the-Middle, Use of Hard-Coded Cryptographic Key AFFECTED PRODUCTS The following versions of Blue Link, a mobile application for Hyundai vehicle management, are affected: Blue Link...
BMW in-car infotainment system ConnectedDrive aeration remote control 0day vulnerabilities-vulnerability warning-the black bar safety net
ConnectedDrive is the BMW in-car infotainment system. The system lets a mobile app manage the vehicle. In addition to the app, the system also provides a complete web application. Vulnerability Lab security researcher Benjamin Kunz Mejri officially submitted to BMW a vulnerability five...
A common GPS satellite positioning platform vulnerability disaster the user's location information in an emergency-vulnerability warning-the black bar safety net
Recently, news reports have exposed many incidents of tracking and abduction carried out with GPS positioning devices (http://news.xinhuanet.com/legal/2015-11/15/c1284295262.htm). Many users have asked whether there is any method for detecting them. So in the market to buy some GPS positioning...
Authentication Bypass Vulnerability in Large Vehicle GPS Location Systems
Most of the websites are asp pages, with more vulnerabilities and weak password login, leading to the leakage of a large amount of vehicle information, as well as the ability to manage and control vehicles, which can cause greater traffic hazards...
Fiat Chrysler Automobiles UConnect allows a vehicle to be remotely controlled
Overview: Fiat Chrysler Automobiles (FCA) UConnect may allow a remote attacker to control physical vehicle functions. Description: According to a WIRED news article, an unknown vulnerability in FCA UConnect software allows some functions of recent models of Jeep Cherokee to be controlled by a remote...
Fiat Chrysler Automobiles Uconnect Remote Elevation of Privilege Vulnerability
Fiat Chrysler Automobiles Uconnect is a suite of in-car information systems from Fiat Chrysler Automobiles (FCA) in the United States. An unspecified vulnerability exists in Fiat Chrysler Automobiles Uconnect 15.26.1. A remote attacker on the same mobile network could exploit this vulnerability by...
CVE-2015-5611
CVE-2015-5611 covers a missing authentication vulnerability in FCA Uconnect infotainment systems (Uconnect 8.4AN/RA3/RA4) used in 2013–2015 FCA vehicles. The root cause is unauthenticated access allowing remote commands via the entertainment-system firmware and CAN bus due to insufficient Radio s...
CVE-2015-5611
Unspecified vulnerability in Uconnect before 15.26.1, as used in certain Fiat Chrysler Automobiles (FCA) from 2013 to 2015 models, allows remote attackers in the same cellular network to control vehicle movement, cause human harm or physical damage, or modify dashboard settings via vectors related ...