CVE-2026-10046 Out-of-bounds write in Napoca BIOS INT 0x15 E820 memory map handler (VA-13905)

Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bioshandlers.c. The handler computes a destination offset into the guest RealModeMemory buffer from guest-controlled ES and EDI...

SUSE CVE-2025-2296

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

CVE-2025-36579

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access...

EulerOS Virtualization 2.12.1 : edk2 (EulerOS-SA-2026-1471)

According to the versions of the edk2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2026-1528)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for edk2 (EulerOS-SA-2026-1471)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

EUVD-2026-2664

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode...

CVE-2026-0421

A potential vulnerability was reported in the BIOS of L13 Gen 6, L13 Gen 6 2-in-1, L14 Gen 6, and L16 Gen 2 ThinkPads which could result in Secure Boot being disabled even when configured as “On” in the BIOS setup menu. This issue only affects systems where Secure Boot is set to User Mode...

Lenovo ThinkPad BIOS 安全漏洞

Lenovo ThinkPad BIOS is a program for booting the system of a laptop from the Chinese company Lenovo Lenovo. A security vulnerability exists in the Lenovo ThinkPad BIOS that stems from improper validation of the Secure Boot configuration in the BIOS, which could result in Secure Boot being disabl...

PT-2026-2962

Name of the Vulnerable Software and Affected Versions Lenovo ThinkPad L13 Gen 6 Lenovo ThinkPad L13 Gen 6 2-in-1 Lenovo ThinkPad L14 Gen 6 Lenovo ThinkPad L16 Gen 2 Description A potential issue exists in the BIOS of certain Lenovo ThinkPad models that may allow Secure Boot to be disabled, even...

CVE-2022-31636

Potential time-of-check to time-of-use TOCTOU vulnerabilities have been identified in the BIOS for certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure...

CVE-2024-34167

Uncontrolled search path for the IntelR Server Board S2600ST Family BIOS and Firmware Update software all versions may allow an authenticated user to potentially enable escalation of privilege via local access...

CVE-2023-4030

A vulnerability was reported in BIOS for ThinkPad P14s Gen 2, P15s Gen 2, T14 Gen 2, and T15 Gen 2 that could cause the system to recover to insecure settings if the BIOS becomes corrupt...

Huawei EulerOS: Security Advisory for EDK2 (EulerOS-SA-2025-2571)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-38798

A flaw was found in EDK2. This vulnerability allows information disclosure or escalation of privilege via local access to the BIOS Basic Input/Output System. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security...

PT-2025-50941

APTIOV contains a vulnerability in BIOS where a user may cause “Improper Handling of Insufficient Permissions or Privileges” by local access. Successful exploitation of this vulnerability can lead to escalation of authorization and potentially impact Integrity and Availability...

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause "Exposure of Sensitive Information to an Unauthorized Actor" by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

edk2 security update

20250905-4 - Create new 20250905 release for OL9 which includes the following fixed CVEs: - EDK2: EDK2 contains a vulnerability in BIOS where an attacker may cause 'Protection Mechanism Failure' by local access Orabug: 38381983 CVE-2025-3770 - EDK2: EDK2 contains a vulnerability in BIOS where a...

EUVD-2024-55310

EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...