Syntax: kev:true severity:critical epss:>0.95 vendor:cisco patch:false
Filters
Severity
Exploitation
Data Source
Data Quality
Vendor
CWE — Weakness Type
Clear all
Top 20 matches Showing top matches — use filters or a more specific query to narrow
An issue was discovered in the COROS application through 3.8.12 for Android. Bluetooth pairing and bonding is neither initiated nor enforced by the application itself. Also, the watch does not enforce
An issue was discovered on COROS PACE 3 devices through 3.0808.0. The BLE implementation of the COROS smartwatch does not support LE Secure Connections and instead enforces BLE Legacy Pairing. In BLE
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It starts advertising if no device is connected via Bluetooth. This allows an attacker to connect with the device via BLE if no other
CVE-2025-32877
CRITICAL CVSS 9.8
Find Similar
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It identifies itself as a device without input or output capabilities, which results in the use of the Just Works pairing method. This
CVE-2025-48706
CRITICAL CVSS 9.1
Find Similar
An issue was discovered in COROS PACE 3 through 3.0808.0. Due to an out-of-bounds read vulnerability, sending a crafted BLE message forces the device to reboot.
Insecure permissions in the Bluetooth Low Energy (BLE) component of Fire-Boltt Artillery Smart Watch NJ-R6E-10.3 allow attackers to cause a Denial of Service (DoS).
A state machine transition flaw in the Bluetooth Low Energy (BLE) stack of Cypress PSoC4 v3.66 allows attackers to bypass the pairing process and authentication via a crafted pairing_failed packet.
CVE-2025-32878
CRITICAL CVSS 9.8
Find Similar
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. This function is mainly for downloading firmware files. Before downloading fi
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-
CVE-2025-32880
CRITICAL CVSS 9.8
Find Similar
An issue was discovered on COROS PACE 3 devices through 3.0808.0. It implements a function to connect the watch to a WLAN. With WLAN access, the COROS Pace 3 downloads firmware files via HTTP. However
CVE-2025-69969
CRITICAL CVSS 9.6
Find Similar
A lack of authentication and authorization mechanisms in the Bluetooth Low Energy (BLE) communication protocol of SRK Powertech Pvt Ltd Pebble Prism Ultra v2.9.2 allows attackers to reverse engineer t
Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetoo
A vulnerability was reported in version 1.0 of the Bluetooth Transmission Alliance protocol adopted by Motorola Smart Connect Android Application that could allow a nearby attacker within the Bluetoot
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the d
Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.
An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafte
An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices.
Path traversal vulnerability in the Bluetooth module Impact: Successful exploitation of this vulnerability may affect service confidentiality.
An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.
AuntyFey Smart Combination Lock firmware versions as of 2025-12-24 contain a vulnerability that allows an unauthenticated attacker within Bluetooth Low Energy (BLE) range to cause a denial of service
Page 1+ Next →