Skip to main content

Pcsuite

2 CVEs product

Monthly

CVE-2026-12058 MEDIUM This Month

Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.

Authentication Bypass Pcsuite
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-11535 CRITICAL Act Now

Information disclosure in Vivo PcSuite versions below 6.2.5 allows adjacent attackers within Bluetooth range to bypass an authentication mechanism in a specific function and obtain sensitive data without user interaction. The flaw is tracked as a missing-authentication weakness (CWE-306) reported directly by Vivo and carries a CVSS 4.0 score of 9.4, with no public exploit identified at time of analysis.

Authentication Bypass Pcsuite
NVD VulDB
CVSS 4.0
9.4
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

Vivo PcSuite's connection confirmation pop-up - a security gate that prompts users to authorize PC-to-device connections - can be bypassed by an adjacent unauthenticated attacker, rooted in CWE-807 (Reliance on Untrusted Inputs in a Security Decision). All versions of PcSuite are listed as affected per the wildcard CPE (cpe:2.3:a:vivo:pcsuite:*:*:*:*:*:*:*:*), and the attack requires only adjacent network positioning with no privileges or user interaction. No public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV, keeping real-world urgency moderate.

Authentication Bypass Pcsuite
NVD
EPSS 0% CVSS 9.4
CRITICAL Act Now

Information disclosure in Vivo PcSuite versions below 6.2.5 allows adjacent attackers within Bluetooth range to bypass an authentication mechanism in a specific function and obtain sensitive data without user interaction. The flaw is tracked as a missing-authentication weakness (CWE-306) reported directly by Vivo and carries a CVSS 4.0 score of 9.4, with no public exploit identified at time of analysis.

Authentication Bypass Pcsuite
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy