PT-2026-33448

Name of the Vulnerable Software and Affected Versions dnsmasq affected versions not specified Description A remote attacker can trigger an out-of-bounds write by sending a specially crafted BOOTREPLY Bootstrap Protocol Reply packet to a server configured with the --dhcp-split-relay option. This...

SUSE SLES12 Security Update : shim (SUSE-SU-2026:1414-1)

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1414-1 advisory. shim is updated to version 16.1: - shimstartimage: fix guid/handle pairing when uninstalling protocols - Fix uncompressed ipv6 netboot - fix test...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007552)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007552 advisory. In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix usecount leakage when handling boot-on I found a usecount leakage towards...

poc

poc Collection of my PoC's for various vulnerabilities. L...

com.exactpro.sf:sailfish-frontend (>=3.2.1036 <=3.4.260), com.github.persapiens:jsf-bootsfaces-spring-boot-starter (>=1.6.0 <=1.7.3) +67 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=1.10 <=1.14.1)

org.omnifaces:omnifaces MAVEN version =1.10, =3.2.1036, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.6.0, =1.7.0, =1.3.0, =1.2.0, =1.6.0, =1.7.0, =1.3.0, =1.0.0, =1.6.0, =1.7.0, =1.7.3 and more Source cves: CVE-2026-41883https://vulners.com...

com.flowlogix.depchain:shiro-jakarta (>=101 <=115), de.muehlencord.pf-adm:pf-adm-spring-boot-autoconfigure (=0.2.0) +6 more potentially affected by CVE-2026-41883 via org.omnifaces:omnifaces (>=5.0-M2 <=5.2.2)

org.omnifaces:omnifaces MAVEN version =5.0-M2, =101, =5.0-M2, =5.0-M2, =6.0.4, =6.0.4, =6.1.0-m4 Source cves: CVE-2026-41883 Source advisory: OSV:GHSA-VP6R-9M58-5XV8...

EUVD-2025-209508

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Summary (CVE-2025-54502) : Affected software is the AMD Platform Configuration Blob (APCB) SMM driver. The issue is an incorrect use of a boot service in APCB SMM, which could allow a local (Ring 0) attacker to escalate privileges and potentially execute arbitrary code. The CVSS-like metrics indi...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

Security update for shim

This update for shim fixes the following issues: shim is updated to version 16.1: shimstartimage: fix guid/handle pairing when uninstalling protocols Fix uncompressed ipv6 netboot fix test segfaults caused by uninitialized memory SbatLevelVariable.txt: minor typo fix. Realloc needs to allocate on...

AMD EPYC Processor 安全漏洞

The AMD EPYC Processor is a series of multi-core processors developed by American semiconductor company AMD. There is a security vulnerability in the AMD EPYC Processor, which stems from improper use of the boot service. This vulnerability may lead to privilege escalation and arbitrary code...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: uboot-tools (UTSA-2026-007172)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007172 advisory. barebox is a bootloader. In barebox from version 2016.03.0 to before version 2026.03.1 and the corresponding backport to 2025.09.3, an attacker could exploit a FIT...

CVE-2026-26175

Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack...

CVE-2026-0390

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

Microsoft Issues Patches for SharePoint Zero-Day and 168 Other New Vulnerabilities

Microsoft on Tuesday released updates to address a record 169 security flaws across its product portfolio, including one vulnerability that has been actively exploited in the wild. Of these 169 vulnerabilities, 157 are rated Important, eight are rated Critical, three are rated Moderate, and one i...

EUVD-2026-22412

Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack...

EUVD-2026-22350

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...

CVE-2026-26175

Use of uninitialized resource in Windows Boot Manager allows an unauthorized attacker to bypass a security feature with a physical attack...

CVE-2026-0390

Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally...