Lucene search

32 matches found

CERT
added 2026/06/18 12:0 a.m., 5 views

Vendor-signed UEFI applications found vulnerable to Secure Boot bypass

Overview: Multiple vendor-signed UEFI applications are vulnerable to Secure Boot bypass via a "Bring Your Own Vulnerable Driver" BYOVD-style attack. If a target system trusts the affected vendor’s certificate, an attacker can exploit these applications to execute arbitrary code during the early...

CVSS 8.2, AI score 7.5, EPSS 0.01036
Exploits: 1, References: 7
CERT
added 2026/06/09 12:0 a.m., 43 views

Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass

Overview: Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Forbidden Signature Database (DBX). Once the D...

CVSS 7.8, AI score 6.4, EPSS 0.00097
Exploits: 0, References: 14
The Hacker News
added 2026/04/06 10:7 a.m., 5 views

Qilin and Warlock Ransomware Use Vulnerable Drivers to Disable 300+ EDR Tools

Threat actors associated with Qilin and Warlock ransomware operations have been observed using the bring your own vulnerable driver (BYOVD) technique to silence security tools running on compromised hosts, according to findings from Cisco Talos and Trend Micro. Qilin attacks analyzed by Talos have...

AI score 5.9
Exploits: 0
Cvelist
added 2026/02/24 5:11 p.m., 37 views

CVE-2025-14963

A vulnerability identified in the HX Agent driver file fekern.sys allowed a threat actor with local user access the ability to gain elevated system privileges. Utilization of a Bring Your Own Vulnerable Driver (BYOVD) was leveraged to gain access to the critical Windows process memory lsass.exe Loc...

CVSS 7.1, EPSS 0.001
Exploits: 0, References: 1
Positive Technologies
added 2026/02/24 12:0 a.m., 14 views

PT-2026-21777

Name of the Vulnerable Software and Affected Versions: Trellix HX Agent, affected versions not specified. Description: A security issue exists in the Trellix HX Agent driver file fekern.sys that could allow a local user to gain elevated system privileges. Exploitation involved leveraging a Bring Your...

CVSS 7.1, AI score 5.2, EPSS 0.001
Exploits: 0, References: 3
GithubExploit
added 2026/02/04 1:47 a.m., 285 views

Exploit for CVE-2026-0828

💀 0xKern3lCrush-M4te-CVE-2026-0828 Windows BYOVD Research &...

CVSS 8.7, AI score 5.7, EPSS 0.08963
Exploits: 9
EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2025-4964

Malicious code in bioql PyPI...

CVSS 3.8, AI score 8.8, EPSS 0.0047
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 6 views

EUVD-2022-15239

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00746
Exploits: 0, References: 1
VulnCheck KEV
added 2025/09/17 12:0 a.m., 19 views

VulnCheck KEV: CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack...

CVSS 3.8, AI score 5.9, EPSS 0.0047
In wild, Exploits: 1, References: 5
Fedora
added 2025/05/11 1:16 a.m., 11 views

[SECURITY] Fedora 42 Update: python-h11-0.14.0-7.fc42

This is a little HTTP/1.1 library written from scratch in Python, heavily inspired by hyper-h2. It is a "bring-your-own-I/O" library; h11 contains no IO code whatsoever. This means you can hook h11 up to your favorite network API, and that could be anything you want: synchronous, threaded,...

CVSS 9.1, AI score 9.3, EPSS 0.00522
Exploits: 0
The Hacker News
added 2025/03/27 2:10 p.m., 9 views

Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks

A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET...

AI score 7.2
Exploits: 0
CERT
added 2025/02/28 12:0 a.m., 20 views

Paragon Software Hard Disk Manager product line contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks

Overview: The Paragon Software Hard Disk Manager (HDM) product line contains a vulnerable driver titled BioNTdrv.sys. The driver, versions 10.1.X.Y and older, 1.0.0.0, 1.1.0.0, 1.3.0.0, 1.4.0.0, and 1.5.1.0, contain five vulnerabilities. These include arbitrary kernel memory mapping and write...

CVSS 8.4, AI score 7.9, EPSS 0.0046
Exploits: 1, References: 2
OSV
added 2025/02/11 10:15 p.m., 2 views

CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack...

CVSS 3.8, AI score 5.9, EPSS 0.0047
Exploits: 1, References: 1
NVD
added 2025/02/11 10:15 p.m., 11 views

CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD (Bring Your Own Vulnerable Driver) attack...

CVSS 3.8, EPSS 0.0047
Exploits: 1, References: 1
CVE
added 2025/02/11 12:0 a.m., 67 views

CVE-2024-51324

CVE-2024-51324 exists in Baidu Antivirus driver BdApiUtil64.sys (v5.2.3.116083). The vulnerability arises from an IOCTL handler (0x800024B4) that terminates a target process without privilege validation, enabling a BYOVD attack to kill arbitrary processes from user mode. Exploitation chain demons...

CVSS 3.8, AI score 4.4, EPSS 0.0047
In wild, Exploits: 1, References: 1
Microsoft KB
added 2025/01/14 8:0 a.m., 80 views

January 14, 2025—KB5050013 (OS Build 10240.20890) - EXPIRED

January 14, 2025—KB5050013 (OS Build 10240.20890) - EXPIRED. EXPIRATION NOTICE. IMPORTANT: As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

CVSS 9.8, AI score 7.4, EPSS 0.80912
Exploits: 7
Talos Blog
added 2024/12/19 11:4 a.m., 23 views

Exploring vulnerable Windows drivers

This post is the result of research into the real-world application of the Bring Your Own Vulnerable Driver (BYOVD) technique along with Cisco Talos' series of posts about malicious Windows drivers. Some of this research was presented at the AVAR conference in Chennai at the beginning of December...

CVSS 7.8, AI score 6.8, EPSS 0.04284
Exploits: 4
The Hacker News
added 2024/11/25 9:16 a.m., 6 views

Researchers Uncover Malware Using BYOVD to Bypass Antivirus Protections

Cybersecurity researchers have uncovered a new malicious campaign that leverages a technique called Bring Your Own Vulnerable Driver (BYOVD) to disarm security protections and ultimately gain access to the infected system. "This malware takes a more sinister route: it drops a legitimate Avast...

AI score 7.4
Exploits: 0
The Hacker News
added 2024/02/29 11:19 a.m., 63 views

Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks

The notorious Lazarus Group actors exploited a recently patched privilege escalation flaw in the Windows Kernel as a zero-day to obtain kernel-level access and disable security software on compromised hosts. The vulnerability in question is CVE-2024-21338 (CVSS score: 7.8), which can permit an...

CVSS 7.8, AI score 9.3, EPSS 0.51865
Exploits: 13
OSV
added 2023/10/12 8:15 p.m., 4 views

CVE-2023-23632

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the...

CVSS 7.8, AI score 5.8, EPSS 0.00193
Exploits: 1, References: 2