24h | 7d | 30d

CVE-2025-20702

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series, AB1627
04 Aug 2025
Published
05 Aug 2025
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible unauthorized access to the RACE protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Researchers Dennis Heinze and Frieder Steinmetz disclose three critical vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha-based Bluetooth headphones and earbuds, allowing for unauthenticated access, eavesdropping, data extraction, and potentially arbitrary code execution by chaining these flaws. They have also released a RACE Toolkit to help users check for vulnerabilities.
insinuator.net/2025/12/bluetoo

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-14177

Overview

  • PHP Group
  • PHP
  • php
27 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
MEDIUM (6.3)
EPSS
0.04%
KEV

Description

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

Statistics

  • 3 Posts
Last activity: 4 hours ago

Bluesky

Profile picture
nixpkgs security changes @nixpkgssecuritychanges.gerbet.me
php: 8.4.15 -> 8.4.16, 8.3.28 -> 8.3.29, 8.2.29 -> 8.2.30, fixes CVE-2025-14177, CVE-2025-14178, CVE-2025-14180, GHSA-www2-q4fc-65wf https://github.com/NixOS/nixpkgs/pull/475115 #security
  • 0
  • 0
  • 2
  • 4h ago

CVE-2025-20701

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series
04 Aug 2025
Published
05 Aug 2025
Updated
CVSS
Pending
EPSS
0.07%
KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Researchers Dennis Heinze and Frieder Steinmetz disclose three critical vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha-based Bluetooth headphones and earbuds, allowing for unauthenticated access, eavesdropping, data extraction, and potentially arbitrary code execution by chaining these flaws. They have also released a RACE Toolkit to help users check for vulnerabilities.
insinuator.net/2025/12/bluetoo

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-20700

Overview

  • Airoha Technology Corp.
  • AB156x, AB157x, AB158x, AB159x series, AB1627
04 Aug 2025
Published
05 Aug 2025
Updated
CVSS
Pending
EPSS
0.04%
KEV

Description

In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

  • 1 Post
Last activity: 19 hours ago

Fediverse

Profile picture
ekiledjian @edwardk

Researchers Dennis Heinze and Frieder Steinmetz disclose three critical vulnerabilities (CVE-2025-20700, CVE-2025-20701, CVE-2025-20702) in Airoha-based Bluetooth headphones and earbuds, allowing for unauthenticated access, eavesdropping, data extraction, and potentially arbitrary code execution by chaining these flaws. They have also released a RACE Toolkit to help users check for vulnerabilities.
insinuator.net/2025/12/bluetoo

  • 0
  • 0
  • 0
  • 19h ago

CVE-2025-15192

Overview

  • D-Link
  • DWR-M920
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
0.43%
KEV

Description

A security vulnerability has been detected in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture
cR0w @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 23h ago

CVE-2025-15189

Overview

  • D-Link
  • DWR-M920
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV

Description

A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be used.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture
cR0w @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 23h ago

CVE-2025-15191

Overview

  • D-Link
  • DWR-M920
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
MEDIUM (5.3)
EPSS
0.43%
KEV

Description

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture
cR0w @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 23h ago

CVE-2025-15190

Overview

  • D-Link
  • DWR-M920
29 Dec 2025
Published
29 Dec 2025
Updated
CVSS v4.0
HIGH (8.7)
EPSS
0.08%
KEV

Description

A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.

Statistics

  • 1 Post
  • 2 Interactions
Last activity: 23 hours ago

Fediverse

Profile picture
cR0w @cR0w

D-Link

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cve.org/CVERecord?id=CVE-2025-

cc: @Dio9sys @da_667

  • 0
  • 2
  • 0
  • 23h ago

CVE-2025-64505

Overview

  • pnggroup
  • libpng
24 Nov 2025
Published
25 Nov 2025
Updated
CVSS v3.1
MEDIUM (6.1)
EPSS
0.02%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical security update for #SUSE Linux systems. The libpng16 library vulnerabilities (CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018) require immediate attention. Read more: 👉 tinyurl.com/s3hj57cu #Security
  • 0
  • 0
  • 0
  • 1h ago

CVE-2025-65018

Overview

  • pnggroup
  • libpng
24 Nov 2025
Published
25 Nov 2025
Updated
CVSS v3.1
HIGH (7.1)
EPSS
0.03%
KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post
Last activity: 1 hour ago

Bluesky

Profile picture
ferramentaslinux.bsky.social @ferramentaslinux.bsky.social
Critical security update for #SUSE Linux systems. The libpng16 library vulnerabilities (CVE-2025-64505, CVE-2025-64506, CVE-2025-64720, CVE-2025-65018) require immediate attention. Read more: 👉 tinyurl.com/s3hj57cu #Security
  • 0
  • 0
  • 0
  • 1h ago
Showing 51 to 60 of 68 CVEs