10466 matches found
CVE-2021-27430
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...
CVE-2021-27097
The boot loader in Das U-Boot before 2021.04-rc2 mishandles a modified FIT...
CVE-2021-27138
The boot loader in Das U-Boot before 2021.04-rc2 mishandles use of unit addresses in a FIT...
CVE-2025-62877
Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...
CVE-2025-62877 Harvest may expose OS default ssh login password via SUSE Virtualization Interactive Installer
Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...
CVE-2025-62877
CVE-2025-62877 affects SUSE Virtualization (Harvester) where the interactive installer on Harvester 1.5.x–1.6.x may expose the OS default SSH password when creating a new cluster or adding hosts. The issue does not occur when PXE boot with the Harvester configuration is used. Affected component i...
IGEL OS < 11.0.0 Secure Boot bypass (CVE-2025-47827)
The version of IGEL OS running on the remote host is prior to version 11. It is, therefore, affected by a cryptographic signature verification vulnerability in the igel-flash-driver module. An attacker could exploit this flaw to bypass Secure Boot protections. By leveraging the improper...
FreeRDP DoS Vulnerability (GHSA-3p57-rq4q-233x)
FreeRDP is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:freerdpproject:freerdp...
CVE-2025-64305
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...
CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...
CVE-2025-64305 Columbia Weather Systems MicroServer Cleartext Storage in a File or on Disk
MicroServer copies parts of the system firmware to an unencrypted external SD card on boot, which contains user and vendor secrets. An attacker can utilize these plaintext secrets to modify the vendor firmware, or gain admin access to the web portal...
africa.absa:inception-application (>=1.0.0 <=1.2.0), app.fmgp:scala-did-docs_3 (>=0.1.0-M16 <=0.1.0-M33) +3482 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (>=1.0.0.Alpha1 <=2.2.38.Final)
io.undertow:undertow-core MAVEN version =1.0.0.Alpha1, =1.0.0, =0.1.0-M16, =1.0.0, =0.4.0, =2.0.0, =1.0.2, =1.0.0, =1.2.1, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-12543 Source advisory: OSV:GHSA-J382-5JJ3-VW4J...
CVE-1999-0799
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location...
PT-2026-1845
Name of the Vulnerable Software and Affected Versions Columbia Weather Systems MicroServer affected versions not specified Description The MicroServer copies portions of the system firmware to an unencrypted external SD card during boot. This firmware includes user and vendor secrets in plaintext...
PT-2026-1506
Name of the Vulnerable Software and Affected Versions SUSE Virtualization Harvester versions 1.5.x through 1.6.x Description The interactive installer for SUSE Virtualization Harvester may expose the default OS SSH login password when creating a new cluster or adding hosts to an existing cluster...
Use of Hard-coded Credentials
Overview Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the interactive installer process. An attacker can gain unauthorized remote access to the host system by exploiting the default administrative credentials over SSH before the password is reset. This is...
HTTP Fetch, Linux Reboot
Fetch and execute an RISC-V 32-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv32le/reboot msf...
HTTP Fetch, Linux Reboot
Fetch and execute an RISC-V 64-bit payload from an HTTP server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/http/riscv64le/reboot msf...
HTTPS Fetch, Linux Reboot
Fetch and execute an RISC-V 32-bit payload from an HTTPS server. A very small shellcode for rebooting the system using the reboot syscall. This payload is sometimes helpful for testing purposes. Requires CAPSYSBOOT privileges. Module Options msf use payload/cmd/linux/https/riscv32le/reboot msf...
warehouse 授权问题漏洞
warehouse is a spring boot based logistics management system for small and medium-sized warehouses by yeqifu individual developers. There is an authorization issue vulnerability in warehouse, which originates from improper authorization of the function saveUserRole in the file...