Lucene search
K

10464 matches found

Vulnrichment
Vulnrichment
added 2026/02/12 10:51 a.m.4 views

CVE-2025-15575 Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

5.5AI score0.00123EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:51 a.m.5 views

CVE-2025-15575

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

5.3CVSS5.5AI score0.00123EPSS
Exploits0References2Affected Software5
CVE
CVE
added 2026/02/12 10:51 a.m.22 views

CVE-2025-15575

The CVE-2025-15575 issue affects Solax Power Pocket WiFi. The firmware update functionality does not verify the authenticity of supplied firmware update files and lacks cryptographic checks (e.g., digital signatures). ESP32 security features such as secure boot are not used. Root cause: no authen...

5.3CVSS5.5AI score0.00123EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.8 views

PT-2026-7837

Name of the Vulnerable Software and Affected Versions Solax Power Pocket WiFi affected versions not specified Description The firmware update functionality lacks verification of the authenticity of supplied firmware update files. This allows attackers to flash malicious firmware updates onto the...

5.3CVSS5.8AI score0.00123EPSS
Exploits0References5
OSV
OSV
added 2026/02/11 9:16 a.m.8 views

RLSA-2026:2225 Critical: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication CVE-2026-1709 For more details about the...

9.4CVSS5.7AI score0.0575EPSS
Exploits0References2
NVD
NVD
added 2026/02/10 8:16 p.m.8 views

CVE-2025-48515

Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...

5.4CVSS0.00126EPSS
Exploits0References1
NVD
NVD
added 2026/02/10 8:16 p.m.4 views

CVE-2025-29949

Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...

4.8CVSS0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/10 7:49 p.m.4 views

CVE-2025-48515

Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...

5.4CVSS6AI score0.00126EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/10 7:49 p.m.5 views

CVE-2025-48515

Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...

5.4CVSS6AI score0.00126EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 7:49 p.m.21 views

CVE-2025-48515

CVE-2025-48515 concerns the AMD Secure Processor (ASP) Boot Loader. The provided documents describe insufficient parameter sanitization that could allow an attacker with access to a SPI ROM upgrade to overwrite memory, potentially enabling arbitrary code execution. The PT-2026-7464 entry reiterat...

5.4CVSS6AI score0.00126EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/10 7:49 p.m.24 views

CVE-2025-48515

Insufficient parameter sanitization in AMD Secure Processor ASP Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution...

5.4CVSS0.00126EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/10 7:46 p.m.7 views

CVE-2025-29949

Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...

4.8CVSS5.5AI score0.00134EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/10 7:46 p.m.5 views

CVE-2025-29949

Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...

4.8CVSS5.5AI score0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/02/10 7:46 p.m.26 views

CVE-2025-29949

Insufficient input parameter sanitization in AMD Secure Processor ASP Boot Loader legacy recovery mode only could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service...

4.8CVSS0.00134EPSS
Exploits0References1
CVE
CVE
added 2026/02/10 7:46 p.m.12 views

CVE-2025-29949

CVE-2025-29949 is an AMD ASP Boot Loader issue limited to legacy recovery mode. The connected documents confirm insufficient input parameter sanitization in the ASP Boot Loader, which could allow an out-of-bounds write that corrupts Secure DRAM and may cause a denial of service. Affected software...

4.8CVSS5.5AI score0.00134EPSS
Exploits0References1
Microsoft KB
Microsoft KB
added 2026/02/10 4:0 p.m.52 views

February 10, 2026—KB5075912 (OS Builds 19045.6937 and 19044.6937)

February 10, 2026—KB5075912 OS Builds 19045.6937 and 19044.6937 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business...

8.8CVSS6.8AI score0.25835EPSS
Exploits9
Microsoft KB
Microsoft KB
added 2026/02/10 4:0 p.m.127 views

February 10, 2026—KB5075904 (OS Build 17763.8389)

February 10, 2026—KB5075904 OS Build 17763.8389 Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices for the...

8.8CVSS6.9AI score0.25835EPSS
Exploits9
Microsoft KB
Microsoft KB
added 2026/02/10 4:0 p.m.11 views

February 10, 2026—KB5075970 (Monthly Rollup)

February 10, 2026—KB5075970 Monthly Rollup Important The installation of this Extended Security Update ESU might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU...

8.8CVSS6.9AI score0.25835EPSS
Exploits8
Microsoft KB
Microsoft KB
added 2026/02/10 4:0 p.m.36 views

February 10, 2026—Hotpatch KB5075942 (OS Build 26100.32313)

None None...

9.8CVSS6.9AI score0.99962EPSS
Exploits36
Microsoft KB
Microsoft KB
added 2026/02/10 4:0 p.m.29 views

February 10, 2026—KB5075897 (OS Build 25398.2149)

February 10, 2026—KB5075897 OS Build 25398.2149 This cumulative update for Windows Server, version 23H2 KB5075897, includes the latest security fixes and improvements, along with non-security updates from last month’s optional preview release. To learn more about differences between security...

9.8CVSS7.3AI score0.99962EPSS
Exploits37
Rows per page
Query Builder