CVE-2026-34961 barebox ext4 Extent Parsing Out-of-Bounds Read

barebox prior to version 2026.04.0 contains out-of-bounds read vulnerabilities in ext4 extent parsing due to missing validation of the ehentries field against buffer capacity in fs/ext4/ext4common.c. Attackers can supply a malicious ext4 filesystem image via USB, SD card, or network boot to trigg...

CVE-2025-14302 GIGABYTE｜Motherboard - Protection Mechanism Failure

Certain motherboard models developed by GIGABYTE has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security feature...

Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-43889)

padata: vulnerability due to a possible divide-by-zero error in padatamthelper during bootup, caused by an uninitialized chunksize being zero. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2025-41713

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...

CVE-2025-41713 WAGO: Vulnerability in hardware switch circuit

During a short time frame while the device is booting an unauthenticated remote attacker can send traffic to unauthorized networks due to the switch operating in an undefined state until a CPU-induced reset allows proper configuration...

PT-2025-37459

Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: During a short time frame while the device is booting, an unauthenticated remote attacker can send traffic to unauthorized networks because the switch operates in an undefined state until a...

CVE-2025-52549

CVE-2025-52549 affects Copeland/E3 Site Supervisor Control. Vulnerable firmware versions prior to 2.31F01 generate a root Linux password on each boot, enabling an attacker to derive the root password from known or easily obtainable parameters. Impacts include full device compromise with root acce...

CVE-2025-24507

This vulnerability allows appliance compromise at boot time...

CVE-2024-28875

A security flaw involving hard-coded credentials in LevelOne WBR-6012's web services allows attackers to gain unauthorized access during the first 30 seconds post-boot. Other vulnerabilities can force a reboot, circumventing the initial time restriction for exploitation.The backdoor string can be...

CVE-2023-38484

Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...